Skip to content

build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 (#6808) #11064

build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 (#6808)

build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 (#6808) #11064

Workflow file for this run

name: Build and Test Pull Request
# Trigger the workflow on push or pull request
on:
push:
branches-ignore:
- "dependabot/**"
pull_request:
types: [opened, synchronize]
permissions:
contents: read
env:
GOPROXY: https://proxy.golang.org/
GO_VERSION: 1.23.2
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: ${{ env.GO_VERSION }}
cache: false
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: golangci-lint
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
version: v1.61.0
args: --build-tags=e2e,conformance,gcp,oidc,none --out-format=colored-line-number
codespell:
name: Codespell
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Codespell
uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2.1
with:
skip: .git,*.png,*.woff,*.woff2,*.eot,*.ttf,*.jpg,*.ico,*.svg,./site/themes/contour/static/fonts/README.md,./vendor,./site/public,./hack/actions/check-changefile-exists.go,go.mod,go.sum
ignore_words_file: './.codespell.ignorewords'
check_filenames: true
check_hidden: true
codegen:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
# * Module download cache
# * Build cache (Linux)
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-${{ github.job }}-go-
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: ${{ env.GO_VERSION }}
cache: false
- name: add deps to path
run: |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
- name: generate
run: |
make generate lint-yamllint lint-flags
./hack/actions/check-uncommitted-codegen.sh
build-image:
needs:
- lint
- codespell
- codegen
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
with:
version: latest
- name: Build image
env:
TAG_LATEST: "false"
run: |
make multiarch-build
- name: Upload image
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: image
path: image/contour-*.tar
e2e:
runs-on: ubuntu-latest
needs: [build-image]
strategy:
matrix:
# use stable kubernetes_version values since they're included
# in the name of the GitHub Actions job, and we don't want to
# have to update branch protection rules every time we change
# a Kubernetes version number.
kubernetes_version: ["kubernetes:latest", "kubernetes:n-1", "kubernetes:n-2"]
# run tests using the configuration crd as well as without
config_type: ["ConfigmapConfiguration", "ContourConfiguration"]
# include defines an additional variable (the specific node
# image to use) for each kubernetes_version value.
include:
- kubernetes_version: "kubernetes:latest"
node_image: "docker.io/kindest/node:v1.31.0@sha256:53df588e04085fd41ae12de0c3fe4c72f7013bba32a20e7325357a1ac94ba865"
- kubernetes_version: "kubernetes:n-1"
node_image: "docker.io/kindest/node:v1.30.4@sha256:976ea815844d5fa93be213437e3ff5754cd599b040946b5cca43ca45c2047114"
- kubernetes_version: "kubernetes:n-2"
node_image: "docker.io/kindest/node:v1.29.8@sha256:d46b7aa29567e93b27f7531d258c372e829d7224b25e3fc6ffdefed12476d3aa"
- config_type: "ConfigmapConfiguration"
use_config_crd: "false"
- config_type: "ContourConfiguration"
use_config_crd: "true"
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Download image
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: image
path: image
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
# * Module download cache
# * Build cache (Linux)
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-${{ github.job }}-go-
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: ${{ env.GO_VERSION }}
cache: false
- name: add deps to path
run: |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
- name: e2e tests
env:
NODEIMAGE: ${{ matrix.node_image }}
LOAD_PREBUILT_IMAGE: "true"
USE_CONTOUR_CONFIGURATION_CRD: ${{ matrix.use_config_crd }}
run: |
export CONTOUR_E2E_IMAGE="ghcr.io/projectcontour/contour:$(ls ./image/contour-*.tar | sed -E 's/.*contour-(.*).tar/\1/')"
make e2e
upgrade:
runs-on: ubuntu-latest
needs: [build-image]
strategy:
matrix:
# use stable kubernetes_version values since they're included
# in the name of the GitHub Actions job, and we don't want to
# have to update branch protection rules every time we change
# a Kubernetes version number.
kubernetes_version: ["kubernetes:latest", "kubernetes:n-1", "kubernetes:n-2"]
# include defines an additional variable (the specific node
# image to use) for each kubernetes_version value.
include:
- kubernetes_version: "kubernetes:latest"
node_image: "docker.io/kindest/node:v1.31.0@sha256:53df588e04085fd41ae12de0c3fe4c72f7013bba32a20e7325357a1ac94ba865"
- kubernetes_version: "kubernetes:n-1"
node_image: "docker.io/kindest/node:v1.30.4@sha256:976ea815844d5fa93be213437e3ff5754cd599b040946b5cca43ca45c2047114"
- kubernetes_version: "kubernetes:n-2"
node_image: "docker.io/kindest/node:v1.29.8@sha256:d46b7aa29567e93b27f7531d258c372e829d7224b25e3fc6ffdefed12476d3aa"
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
# Fetch history for all tags and branches so we can figure out most
# recent release tag.
fetch-depth: 0
- name: Download image
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: image
path: image
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
# * Module download cache
# * Build cache (Linux)
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-${{ github.job }}-go-
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: ${{ env.GO_VERSION }}
cache: false
- name: add deps to path
run: |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
- name: upgrade tests
env:
NODEIMAGE: ${{ matrix.node_image }}
MULTINODE_CLUSTER: "true"
LOAD_PREBUILT_IMAGE: "true"
SKIP_GATEWAY_API_INSTALL: "true"
run: |
export CONTOUR_E2E_IMAGE="ghcr.io/projectcontour/contour:$(ls ./image/contour-*.tar | sed -E 's/.*contour-(.*).tar/\1/')"
make upgrade
test-linux:
needs:
- lint
- codespell
- codegen
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
# * Module download cache
# * Build cache (Linux)
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-${{ github.job }}-go-
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: ${{ env.GO_VERSION }}
cache: false
- name: add deps to path
run: |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
- name: test
env:
# TODO: remove once https://github.com/golang/go/issues/65653 is fixed
GOEXPERIMENT: nocoverageredesign
run: |
make install
make check-coverage
- name: codeCoverage
if: ${{ success() }}
uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: coverage.out
test-osx:
needs:
- lint
- codespell
- codegen
runs-on: macos-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
# * Module download cache
# * Build cache (Windows)
path: |
~/go/pkg/mod
~/Library/Caches/go-build
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-${{ github.job }}-go-
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: ${{ env.GO_VERSION }}
cache: false
- name: add deps to path
run: |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
- name: test
env:
# TODO: remove once https://github.com/golang/go/issues/65653 is fixed
GOEXPERIMENT: nocoverageredesign
run: |
make install
make check-coverage
gateway-conformance:
runs-on: ubuntu-latest
needs: [build-image]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Download image
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: image
path: image
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
# * Module download cache
# * Build cache (Linux)
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-${{ github.job }}-go-
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: ${{ env.GO_VERSION }}
cache: false
- name: add deps to path
run: |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
- name: Gateway API conformance tests
env:
LOAD_PREBUILT_IMAGE: "true"
run: |
export CONTOUR_E2E_IMAGE="ghcr.io/projectcontour/contour:$(ls ./image/contour-*.tar | sed -E 's/.*contour-(.*).tar/\1/')"
make gateway-conformance