Configure Renovate #37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - release-* | |
| pull_request: {} | |
| workflow_dispatch: {} | |
| env: | |
| # Common versions | |
| GO_VERSION: "1.20" | |
| GOLANGCI_VERSION: "v1.51.0" | |
| DOCKER_BUILDX_VERSION: "v0.9.1" | |
| # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run | |
| # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether | |
| # credentials have been provided before trying to run steps that need them. | |
| DOCKER_USR: ${{ secrets.DOCKER_USR }} | |
| AWS_USR: ${{ secrets.AWS_USR }} | |
| jobs: | |
| detect-noop: | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| noop: ${{ steps.noop.outputs.should_skip }} | |
| steps: | |
| - name: Detect No-op Changes | |
| id: noop | |
| uses: fkirc/[email protected] | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| paths_ignore: '["**.md", "**.png", "**.jpg"]' | |
| do_not_skip: '["workflow_dispatch", "schedule", "push"]' | |
| concurrent_skipping: false | |
| lint: | |
| runs-on: ubuntu-22.04 | |
| needs: detect-noop | |
| if: needs.detect-noop.outputs.noop != 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| - name: Setup Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Find the Go Build Cache | |
| id: go | |
| run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT | |
| - name: Cache the Go Build Cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.go.outputs.cache }} | |
| key: ${{ runner.os }}-build-lint-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-build-lint- | |
| - name: Cache Go Dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: .work/pkg | |
| key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-pkg- | |
| - name: Vendor Dependencies | |
| run: make vendor vendor.check | |
| # We could run 'make lint' to ensure our desired Go version, but we prefer | |
| # this action because it leaves 'annotations' (i.e. it comments on PRs to | |
| # point out linter violations). | |
| - name: Lint | |
| uses: golangci/golangci-lint-action@v3 | |
| with: | |
| version: ${{ env.GOLANGCI_VERSION }} | |
| skip-cache: true | |
| args: --timeout 5m --verbose | |
| check-diff: | |
| runs-on: ubuntu-22.04 | |
| needs: detect-noop | |
| if: needs.detect-noop.outputs.noop != 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| - name: Setup Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Find the Go Build Cache | |
| id: go | |
| run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT | |
| - name: Cache the Go Build Cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.go.outputs.cache }} | |
| key: ${{ runner.os }}-build-check-diff-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-build-check-diff- | |
| - name: Cache Go Dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: .work/pkg | |
| key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-pkg- | |
| - name: Vendor Dependencies | |
| run: make vendor vendor.check | |
| - name: Check Diff | |
| run: make check-diff | |
| unit-tests: | |
| runs-on: ubuntu-22.04 | |
| needs: detect-noop | |
| if: needs.detect-noop.outputs.noop != 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| - name: Fetch History | |
| run: git fetch --prune --unshallow | |
| - name: Setup Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Find the Go Build Cache | |
| id: go | |
| run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT | |
| - name: Cache the Go Build Cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.go.outputs.cache }} | |
| key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-build-unit-tests- | |
| - name: Cache Go Dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: .work/pkg | |
| key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-pkg- | |
| - name: Vendor Dependencies | |
| run: make vendor vendor.check | |
| - name: Run Unit Tests | |
| run: make -j2 test | |
| - name: Publish Unit Test Coverage | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| flags: unittests | |
| file: _output/tests/linux_amd64/coverage.txt | |
| e2e-tests: | |
| runs-on: ubuntu-22.04 | |
| needs: detect-noop | |
| if: needs.detect-noop.outputs.noop != 'true' | |
| steps: | |
| - name: Setup QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| with: | |
| platforms: all | |
| - name: Setup Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| with: | |
| version: ${{ env.DOCKER_BUILDX_VERSION }} | |
| install: true | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| - name: Fetch History | |
| run: git fetch --prune --unshallow | |
| - name: Setup Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Find the Go Build Cache | |
| id: go | |
| run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT | |
| - name: Cache the Go Build Cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.go.outputs.cache }} | |
| key: ${{ runner.os }}-build-e2e-tests-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-build-e2e-tests- | |
| - name: Cache Go Dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: .work/pkg | |
| key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pkg- | |
| - name: Vendor Dependencies | |
| run: make vendor vendor.check | |
| - name: Build Helm Chart | |
| run: BUILD_REGISTRY=ghcr.io/edgefarm/provider-natssecrets DOCKER_REGISTRY=ghcr.io/edgefarm/provider-natssecrets make -j2 build | |
| env: | |
| # We're using docker buildx, which doesn't actually load the images it | |
| # builds by default. Specifying --load does so. | |
| BUILD_ARGS: "--load" | |
| - name: Run E2E Tests | |
| timeout-minutes: 20 | |
| run: BUILD_REGISTRY=ghcr.io/edgefarm/provider-natssecrets DOCKER_REGISTRY=ghcr.io/edgefarm/provider-natssecrets make e2e USE_HELM3=true | |
| env: | |
| # We're using docker buildx, which doesn't actually load the images it | |
| # builds by default. Specifying --load does so. | |
| BUILD_ARGS: "--load" | |
| publish-artifacts: | |
| runs-on: ubuntu-22.04 | |
| needs: detect-noop | |
| if: needs.detect-noop.outputs.noop != 'true' | |
| steps: | |
| - name: Setup QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| with: | |
| platforms: all | |
| - name: Setup Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| with: | |
| version: ${{ env.DOCKER_BUILDX_VERSION }} | |
| install: true | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| - name: Fetch History | |
| run: git fetch --prune --unshallow | |
| - name: Setup Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Find the Go Build Cache | |
| id: go | |
| run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT | |
| - name: Cache the Go Build Cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.go.outputs.cache }} | |
| key: ${{ runner.os }}-build-publish-artifacts-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-build-publish-artifacts- | |
| - name: Cache Go Dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: .work/pkg | |
| key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-pkg- | |
| - name: Vendor Dependencies | |
| run: make vendor vendor.check | |
| - name: Build Artifacts | |
| # We are building these artifacts for ghcr.io/edgefarm/provider-natssecrets not crossplane | |
| # because we are not yet ready to move this provider to the Crossplane org. | |
| run: BUILD_REGISTRY=ghcr.io/edgefarm/provider-natssecrets make -j2 build.all | |
| env: | |
| # We're using docker buildx, which doesn't actually load the images it | |
| # builds by default. Specifying --load does so. | |
| BUILD_ARGS: "--load" | |
| - name: Publish Artifacts to GitHub | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: output | |
| path: _output/** | |
| - name: Login to Docker | |
| uses: docker/login-action@v2 | |
| if: env.DOCKER_USR != '' | |
| with: | |
| registry: ghcr.io | |
| username: ${{ secrets.DOCKER_USR }} | |
| password: ${{ secrets.DOCKER_PSW }} | |
| # The last two steps are specific and divergent from the Crossplane build process. | |
| # It can be reverted once this provider is moved to the Crossplane org. | |
| - name: Publish Artifacts to container registry | |
| # We are building these artifacts for ghcr.io/edgefarm/provider-natssecrets not crossplane | |
| # because we are not yet ready to move this provider to the Crossplane org. | |
| run: DOCKER_REGISTRY=ghcr.io/edgefarm/provider-natssecrets BUILD_REGISTRY=ghcr.io/edgefarm/provider-natssecrets make -j2 publish BRANCH_NAME=${GITHUB_REF##*/} | |
| if: env.DOCKER_USR != '' | |
| env: | |
| GIT_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| DOCS_GIT_USR: ${{ secrets.UPBOUND_BOT_GITHUB_USR }} | |
| DOCS_GIT_PSW: ${{ secrets.UPBOUND_BOT_GITHUB_PSW }} | |
| - name: Promote Artifacts in container registry | |
| if: github.ref == 'refs/heads/main' && env.DOCKER_USR != '' | |
| run: DOCKER_REGISTRY=ghcr.io/edgefarm/provider-natssecrets BUILD_REGISTRY=ghcr.io/edgefarm/provider-natssecrets make -j2 promote | |
| env: | |
| BRANCH_NAME: main | |
| CHANNEL: master | |
| # These are the original steps from the Crossplane build process. | |
| # - name: Publish Artifacts to S3 and Docker Hub | |
| # run: make -j2 publish BRANCH_NAME=${GITHUB_REF##*/} | |
| # if: env.AWS_USR != '' && env.DOCKER_USR != '' | |
| # env: | |
| # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }} | |
| # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }} | |
| # GIT_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # DOCS_GIT_USR: ${{ secrets.UPBOUND_BOT_GITHUB_USR }} | |
| # DOCS_GIT_PSW: ${{ secrets.UPBOUND_BOT_GITHUB_PSW }} | |
| # - name: Promote Artifacts in S3 and Docker Hub | |
| # if: github.ref == 'refs/heads/main' && env.AWS_USR != '' && env.DOCKER_USR != '' | |
| # run: make -j2 promote | |
| # env: | |
| # BRANCH_NAME: main | |
| # CHANNEL: master | |
| # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }} | |
| # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }} |