DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Reuse workflow CI

Browse source
This commit is contained in:
Ricardo Katz 2024-01-07 21:41:23 +00:00
parent 07b50e635e
commit 2f0cbae629
6 changed files with 287 additions and 275 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

280
.github/workflows/ci.yaml vendored
View file

@ -8,6 +8,7 @@ on:
- 'docs/**'
- 'deploy/**'
- '**.md'
- 'images/**' # Images changes should be tested on their own workflow
push:
branches:
@ -16,6 +17,7 @@ on:
- 'docs/**'
- 'deploy/**'
- '**.md'
- 'images/**' # Images changes should be tested on their own workflow
workflow_dispatch:
inputs:
@ -86,7 +88,7 @@ jobs:
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true')
steps:
- name: Checkout
@ -147,7 +149,7 @@ jobs:
- changes
- build
if: |
(needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.charts == 'true')
strategy:
matrix:
@ -225,296 +227,44 @@ jobs:
kubernetes:
name: Kubernetes
runs-on: ubuntu-latest
needs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.go == 'true')
strategy:
matrix:
k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: cache
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
name: docker.tar.gz
- name: Create Kubernetes ${{ matrix.k8s }} cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
- name: Load images from cache
run: |
echo "loading docker images..."
gzip -dc docker.tar.gz | docker load
- name: Run e2e tests
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Upload e2e junit-reports
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
if: success() || failure()
with:
name: e2e-test-reports-${{ matrix.k8s }}
path: 'test/junitreports/report*.xml'
k8s-version: ${{ matrix.k8s }}
kubernetes-validations:
name: Kubernetes with Validations
runs-on: ubuntu-latest
needs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.go == 'true')
strategy:
matrix:
k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: cache
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
name: docker.tar.gz
- name: Create Kubernetes ${{ matrix.k8s }} cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
- name: Load images from cache
run: |
echo "loading docker images..."
gzip -dc docker.tar.gz | docker load
- name: Run e2e tests
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true
ENABLE_VALIDATIONS: true
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Upload e2e junit-reports
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
if: success() || failure()
with:
name: e2e-test-reports-validations-${{ matrix.k8s }}
path: 'test/junitreports/report*.xml'
k8s-version: ${{ matrix.k8s }}
variation: "VALIDATIONS"
kubernetes-chroot:
name: Kubernetes chroot
runs-on: ubuntu-latest
needs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.go == 'true')
strategy:
matrix:
k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: cache
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
name: docker.tar.gz
- name: Create Kubernetes ${{ matrix.k8s }} cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
- name: Load images from cache
run: |
echo "loading docker images..."
gzip -dc docker.tar.gz | docker load
- name: Run e2e tests
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true
IS_CHROOT: true
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Upload e2e junit-reports
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
if: success() || failure()
with:
name: e2e-test-reports-chroot-${{ matrix.k8s }}
path: 'test/junitreports/report*.xml'
test-nginx-image-build:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
env:
PLATFORMS: linux/amd64,linux/arm64
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
nginx-base:
- 'images/nginx/**'
- name: nginx-base-image
if: ${{ steps.filter-images.outputs.nginx-base == 'true' }}
run: |
cd images/nginx/rootfs && docker build -t docker.io/nginx-test-workflow/nginx:${{ github.sha }} .
- name: Run Trivy on NGINX Image
if: ${{ steps.filter-images.outputs.nginx-base == 'true' }}
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/nginx-test-workflow/nginx:${{ github.sha }}'
format: 'sarif'
ignore-unfixed: true
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
if: ${{ steps.filter-images.outputs.nginx-base == 'true' && always() }}
uses: github/codeql-action/upload-sarif@v3.22.12
with:
sarif_file: 'trivy-results.sarif'
test-image-build:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
env:
PLATFORMS: linux/amd64,linux/arm64
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
custom-error-pages:
- 'images/custom-error-pages/**'
cfssl:
- 'images/cfssl/**'
fastcgi-helloserver:
- 'images/fastcgi-helloserver/**'
echo:
- 'images/echo/**'
go-grpc-greeter-server:
- 'images/go-grpc-greeter-server/**'
httpbun:
- 'images/httpbun/**'
kube-webhook-certgen:
- 'images/kube-webhook-certgen/**'
ext-auth-example-authsvc:
- 'images/ext-auth-example-authsvc/**'
- name: custom-error-pages image build
if: ${{ steps.filter-images.outputs.custom-error-pages == 'true' }}
run: |
cd images/custom-error-pages && make build
- name: cfssl image build
if: ${{ steps.filter-images.outputs.cfssl == 'true' }}
run: |
cd images/cfssl && make build
- name: fastcgi-helloserver
if: ${{ steps.filter-images.outputs.fastcgi-helloserver == 'true' }}
run: |
cd images/fastcgi-helloserver && make build
- name: echo image build
if: ${{ steps.filter-images.outputs.echo == 'true' }}
run: |
cd images/echo && make build
- name: go-grpc-greeter-server image build
if: ${{ steps.filter-images.outputs.go-grpc-greeter-server == 'true' }}
run: |
cd images/go-grpc-greeter-server && make build
- name: httpbun image build
if: ${{ steps.filter-images.outputs.httpbin == 'true' }}
run: |
cd images/httpbun && make build
- name: kube-webhook-certgen image build
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
run: |
cd images/kube-webhook-certgen && make build
- name: ext-auth-example-authsvc
if: ${{ steps.filter-images.outputs.ext-auth-example-authsvc == 'true' }}
run: |
cd images/ext-auth-example-authsvc && make build
test-image:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
env:
PLATFORMS: linux/amd64
strategy:
matrix:
k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
kube-webhook-certgen:
- 'images/kube-webhook-certgen/**'
- name: Create Kubernetes cluster
id: kind
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }}
- name: Set up Go
id: go
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: '1.21.5'
check-latest: true
- name: kube-webhook-certgen image build
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
run: |
cd images/kube-webhook-certgen && make test test-e2e
k8s-version: ${{ matrix.k8s }}
variation: "CHROOT"

9
.github/workflows/golangci-lint.yml vendored
View file

@ -2,13 +2,10 @@ name: golangci-lint
on:
pull_request:
push:
branches:
- main
paths-ignore:
- 'docs/**'
- 'deploy/**'
- '**.md'
- "*"
paths:
- '**/*.go'
permissions:
contents: read

172
.github/workflows/images.yaml vendored Normal file
View file

@ -0,0 +1,172 @@
name: Container Images
on:
pull_request:
branches:
- "*"
paths:
- 'images/**'
push:
branches:
- main
paths:
- 'images/**'
permissions:
contents: read
env:
PLATFORMS: linux/amd64
jobs:
changes:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
outputs:
custom-error-pages: ${{ steps.filter.outputs.custom-error-pages }}
cfssl: ${{ steps.filter.outputs.cfssl }}
fastcgi-helloserver: ${{ steps.filter.outputs.fastcgi-helloserver }}
echo: ${{ steps.filter.outputs.echo }}
go-grpc-greeter-server: ${{ steps.filter.outputs.go-grpc-greeter-server }}
httpbun: ${{ steps.filter.outputs.httpbun }}
kube-webhook-certgen: ${{ steps.filter.outputs.kube-webhook-certgen }}
ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }}
nginx: ${{ steps.filter.outputs.nginx }}
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
custom-error-pages:
- 'images/custom-error-pages/**'
cfssl:
- 'images/cfssl/**'
fastcgi-helloserver:
- 'images/fastcgi-helloserver/**'
echo:
- 'images/echo/**'
go-grpc-greeter-server:
- 'images/go-grpc-greeter-server/**'
httpbun:
- 'images/httpbun/**'
kube-webhook-certgen:
- 'images/kube-webhook-certgen/**'
ext-auth-example-authsvc:
- 'images/ext-auth-example-authsvc/**'
nginx:
- 'images/nginx/**'
#### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here)
cfssl:
needs: changes
if: |
(needs.changes.outputs.cfssl == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: cfssl
custom-error-pages:
needs: changes
if: |
(needs.changes.outputs.custom-error-pages == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: custom-error-pages
echo:
needs: changes
if: |
(needs.changes.outputs.echo == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: echo
ext-auth-example-authsvc:
needs: changes
if: |
(needs.changes.outputs.ext-auth-example-authsvc == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: ext-auth-example-authsvc
fastcfgi-helloserver:
needs: changes
if: |
(needs.changes.outputs.fastcfgi-helloserver == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: fastcfgi-helloserver
go-grpc-greeter-server:
needs: changes
if: |
(needs.changes.outputs.go-grpc-greeter-server == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: go-grpc-greeter-server
httpbun:
needs: changes
if: |
(needs.changes.outputs.httpbun == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: httpbun
kube-webhook-certgen:
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.kube-webhook-certgen == 'true')
strategy:
matrix:
k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Go
id: go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: '1.21.5'
check-latest: true
- name: image build
run: |
cd images/kube-webhook-certgen && make build
- name: Create Kubernetes cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }}
- name: image test
run: |
cd images/kube-webhook-certgen && make test test-e2e
nginx:
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.nginx == 'true')
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: nginx-base-image
run: |
cd images/nginx/rootfs && docker build -t docker.io/nginx-test-workflow/nginx:${{ github.sha }} .
- name: Run Trivy on NGINX Image
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/nginx-test-workflow/nginx:${{ github.sha }}'
format: 'sarif'
ignore-unfixed: true
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3.22.12
with:
sarif_file: 'trivy-results.sarif'

36
.github/workflows/zz-tmpl-images.yaml vendored Normal file
View file

@ -0,0 +1,36 @@
#### THIS IS A TEMPLATE ####
# This workflow is created to be a template for every time an e2e teest is required,
on:
workflow_call:
inputs:
name:
required: true
type: string
platforms-test:
type: string
default: linux/amd64
platforms-publish:
type: string
default: linux/amd64
env:
PLATFORMS: ${{ inputs.platforms-test }}
permissions:
contents: read
jobs:
image-build:
name: Build ${{ inputs.name }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Build
run: |
cd images/${{ inputs.name }} && make build

57
.github/workflows/zz-tmpl-k8s-e2e.yaml vendored Normal file
View file

@ -0,0 +1,57 @@
#### THIS IS A TEMPLATE ####
# This workflow is created to be a template for every time an e2e teest is required,
on:
workflow_call:
inputs:
k8s-version:
required: true
type: string
variation:
type: string
permissions:
contents: read
jobs:
kubernetes:
name: Kubernetes ${{ inputs.variation }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: cache
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
with:
name: docker.tar.gz
- name: Create Kubernetes ${{ inputs.k8s-version }} cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ inputs.k8s-version }} --config test/e2e/kind.yaml
- name: Load images from cache
run: |
echo "loading docker images..."
gzip -dc docker.tar.gz | docker load
- name: Run e2e tests ${{ inputs.variation }}
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true
ENABLE_VALIDATIONS: ${{ inputs.variation == 'VALIDATIONS' }}
IS_CHROOT: ${{ inputs.variation == 'CHROOT' }}
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Upload e2e junit-reports ${{ inputs.variation }}
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
if: success() || failure()
with:
name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }}
path: 'test/junitreports/report*.xml'

2
images/cfssl/rootfs/Dockerfile
View file

@ -13,7 +13,7 @@
# limitations under the License.
FROM alpine:3.19.0
# BLA
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
RUN apk update \