Skip to content

Commit

Permalink
Reuse workflow CI (#10826)
Browse files Browse the repository at this point in the history 
* Reuse workflow CI

* Simplify images Makefiles
  • Loading branch information
@rikatz
rikatz authored Jan 13, 2024
1 parent 00db204 commit c9a3571
Show file tree
Hide file tree
Showing 39 changed files with 385 additions and 782 deletions.
286 changes: 18 additions & 268 deletions .github/workflows/ci.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ on:
- 'docs/**'
- 'deploy/**'
- '**.md'
- 'images/**' # Images changes should be tested on their own workflow

push:
branches:
Expand All @@ -16,6 +17,7 @@ on:
- 'docs/**'
- 'deploy/**'
- '**.md'
- 'images/**' # Images changes should be tested on their own workflow

workflow_dispatch:
inputs:
Expand Down Expand Up @@ -86,7 +88,7 @@ jobs:
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true')
steps:
- name: Checkout
Expand Down Expand Up @@ -147,7 +149,7 @@ jobs:
- changes
- build
if: |
(needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.charts == 'true')
strategy:
matrix:
Expand Down Expand Up @@ -225,296 +227,44 @@ jobs:
kubernetes:
name: Kubernetes
runs-on: ubuntu-latest
needs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.go == 'true')
strategy:
matrix:
k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]

steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: cache
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
with:
name: docker.tar.gz

- name: Create Kubernetes ${{ matrix.k8s }} cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
- name: Load images from cache
run: |
echo "loading docker images..."
gzip -dc docker.tar.gz | docker load
- name: Run e2e tests
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Upload e2e junit-reports
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
if: success() || failure()
with:
name: e2e-test-reports-${{ matrix.k8s }}
path: 'test/junitreports/report*.xml'
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
k8s-version: ${{ matrix.k8s }}

kubernetes-validations:
name: Kubernetes with Validations
runs-on: ubuntu-latest
needs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.go == 'true')
strategy:
matrix:
k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]

steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: cache
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
with:
name: docker.tar.gz

- name: Create Kubernetes ${{ matrix.k8s }} cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
- name: Load images from cache
run: |
echo "loading docker images..."
gzip -dc docker.tar.gz | docker load
- name: Run e2e tests
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true
ENABLE_VALIDATIONS: true
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Upload e2e junit-reports
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
if: success() || failure()
with:
name: e2e-test-reports-validations-${{ matrix.k8s }}
path: 'test/junitreports/report*.xml'

uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
k8s-version: ${{ matrix.k8s }}
variation: "VALIDATIONS"

kubernetes-chroot:
name: Kubernetes chroot
runs-on: ubuntu-latest
needs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }}
strategy:
matrix:
k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]

steps:

- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: cache
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
with:
name: docker.tar.gz

- name: Create Kubernetes ${{ matrix.k8s }} cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
- name: Load images from cache
run: |
echo "loading docker images..."
gzip -dc docker.tar.gz | docker load
- name: Run e2e tests
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true
IS_CHROOT: true
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Upload e2e junit-reports
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
if: success() || failure()
with:
name: e2e-test-reports-chroot-${{ matrix.k8s }}
path: 'test/junitreports/report*.xml'

test-nginx-image-build:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
env:
PLATFORMS: linux/amd64,linux/arm64
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
nginx-base:
- 'images/nginx/**'
- name: nginx-base-image
if: ${{ steps.filter-images.outputs.nginx-base == 'true' }}
run: |
cd images/nginx/rootfs && docker build -t docker.io/nginx-test-workflow/nginx:${{ github.sha }} .
- name: Run Trivy on NGINX Image
if: ${{ steps.filter-images.outputs.nginx-base == 'true' }}
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/nginx-test-workflow/nginx:${{ github.sha }}'
format: 'sarif'
ignore-unfixed: true
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
if: ${{ steps.filter-images.outputs.nginx-base == 'true' && always() }}
uses: github/codeql-action/[email protected]
with:
sarif_file: 'trivy-results.sarif'


test-image-build:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
env:
PLATFORMS: linux/amd64,linux/arm64
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
custom-error-pages:
- 'images/custom-error-pages/**'
cfssl:
- 'images/cfssl/**'
fastcgi-helloserver:
- 'images/fastcgi-helloserver/**'
echo:
- 'images/echo/**'
go-grpc-greeter-server:
- 'images/go-grpc-greeter-server/**'
httpbun:
- 'images/httpbun/**'
kube-webhook-certgen:
- 'images/kube-webhook-certgen/**'
ext-auth-example-authsvc:
- 'images/ext-auth-example-authsvc/**'
- name: custom-error-pages image build
if: ${{ steps.filter-images.outputs.custom-error-pages == 'true' }}
run: |
cd images/custom-error-pages && make build
- name: cfssl image build
if: ${{ steps.filter-images.outputs.cfssl == 'true' }}
run: |
cd images/cfssl && make build
- name: fastcgi-helloserver
if: ${{ steps.filter-images.outputs.fastcgi-helloserver == 'true' }}
run: |
cd images/fastcgi-helloserver && make build
- name: echo image build
if: ${{ steps.filter-images.outputs.echo == 'true' }}
run: |
cd images/echo && make build
- name: go-grpc-greeter-server image build
if: ${{ steps.filter-images.outputs.go-grpc-greeter-server == 'true' }}
run: |
cd images/go-grpc-greeter-server && make build
- name: httpbun image build
if: ${{ steps.filter-images.outputs.httpbin == 'true' }}
run: |
cd images/httpbun && make build
- name: kube-webhook-certgen image build
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
run: |
cd images/kube-webhook-certgen && make build
- name: ext-auth-example-authsvc
if: ${{ steps.filter-images.outputs.ext-auth-example-authsvc == 'true' }}
run: |
cd images/ext-auth-example-authsvc && make build
test-image:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests

runs-on: ubuntu-latest

env:
PLATFORMS: linux/amd64

(needs.changes.outputs.go == 'true')
strategy:
matrix:
k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]

steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
kube-webhook-certgen:
- 'images/kube-webhook-certgen/**'
- name: Create Kubernetes cluster
id: kind
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }}
- name: Set up Go
id: go
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: '1.21.5'
check-latest: true

- name: kube-webhook-certgen image build
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
run: |
cd images/kube-webhook-certgen && make test test-e2e
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
k8s-version: ${{ matrix.k8s }}
variation: "CHROOT"
9 changes: 3 additions & 6 deletions .github/workflows/golangci-lint.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,10 @@ name: golangci-lint

on:
pull_request:
push:
branches:
- main
paths-ignore:
- 'docs/**'
- 'deploy/**'
- '**.md'
- "*"
paths:
- '**/*.go'

permissions:
contents: read
Expand Down
Loading

0 comments on commit c9a3571

Please sign in to comment.