build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 (#6808) #11064
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Test Pull Request | |
# Trigger the workflow on push or pull request | |
on: | |
push: | |
branches-ignore: | |
- "dependabot/**" | |
pull_request: | |
types: [opened, synchronize] | |
permissions: | |
contents: read | |
env: | |
GOPROXY: https://proxy.golang.org/ | |
GO_VERSION: 1.23.2 | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: false | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
persist-credentials: false | |
- name: golangci-lint | |
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 | |
with: | |
version: v1.61.0 | |
args: --build-tags=e2e,conformance,gcp,oidc,none --out-format=colored-line-number | |
codespell: | |
name: Codespell | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
persist-credentials: false | |
- name: Codespell | |
uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2.1 | |
with: | |
skip: .git,*.png,*.woff,*.woff2,*.eot,*.ttf,*.jpg,*.ico,*.svg,./site/themes/contour/static/fonts/README.md,./vendor,./site/public,./hack/actions/check-changefile-exists.go,go.mod,go.sum | |
ignore_words_file: './.codespell.ignorewords' | |
check_filenames: true | |
check_hidden: true | |
codegen: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
persist-credentials: false | |
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
with: | |
# * Module download cache | |
# * Build cache (Linux) | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-${{ github.job }}-go- | |
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: false | |
- name: add deps to path | |
run: | | |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
- name: generate | |
run: | | |
make generate lint-yamllint lint-flags | |
./hack/actions/check-uncommitted-codegen.sh | |
build-image: | |
needs: | |
- lint | |
- codespell | |
- codegen | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
persist-credentials: false | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 | |
with: | |
version: latest | |
- name: Build image | |
env: | |
TAG_LATEST: "false" | |
run: | | |
make multiarch-build | |
- name: Upload image | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: image | |
path: image/contour-*.tar | |
e2e: | |
runs-on: ubuntu-latest | |
needs: [build-image] | |
strategy: | |
matrix: | |
# use stable kubernetes_version values since they're included | |
# in the name of the GitHub Actions job, and we don't want to | |
# have to update branch protection rules every time we change | |
# a Kubernetes version number. | |
kubernetes_version: ["kubernetes:latest", "kubernetes:n-1", "kubernetes:n-2"] | |
# run tests using the configuration crd as well as without | |
config_type: ["ConfigmapConfiguration", "ContourConfiguration"] | |
# include defines an additional variable (the specific node | |
# image to use) for each kubernetes_version value. | |
include: | |
- kubernetes_version: "kubernetes:latest" | |
node_image: "docker.io/kindest/node:v1.31.0@sha256:53df588e04085fd41ae12de0c3fe4c72f7013bba32a20e7325357a1ac94ba865" | |
- kubernetes_version: "kubernetes:n-1" | |
node_image: "docker.io/kindest/node:v1.30.4@sha256:976ea815844d5fa93be213437e3ff5754cd599b040946b5cca43ca45c2047114" | |
- kubernetes_version: "kubernetes:n-2" | |
node_image: "docker.io/kindest/node:v1.29.8@sha256:d46b7aa29567e93b27f7531d258c372e829d7224b25e3fc6ffdefed12476d3aa" | |
- config_type: "ConfigmapConfiguration" | |
use_config_crd: "false" | |
- config_type: "ContourConfiguration" | |
use_config_crd: "true" | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
persist-credentials: false | |
- name: Download image | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: image | |
path: image | |
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
with: | |
# * Module download cache | |
# * Build cache (Linux) | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-${{ github.job }}-go- | |
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: false | |
- name: add deps to path | |
run: | | |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
- name: e2e tests | |
env: | |
NODEIMAGE: ${{ matrix.node_image }} | |
LOAD_PREBUILT_IMAGE: "true" | |
USE_CONTOUR_CONFIGURATION_CRD: ${{ matrix.use_config_crd }} | |
run: | | |
export CONTOUR_E2E_IMAGE="ghcr.io/projectcontour/contour:$(ls ./image/contour-*.tar | sed -E 's/.*contour-(.*).tar/\1/')" | |
make e2e | |
upgrade: | |
runs-on: ubuntu-latest | |
needs: [build-image] | |
strategy: | |
matrix: | |
# use stable kubernetes_version values since they're included | |
# in the name of the GitHub Actions job, and we don't want to | |
# have to update branch protection rules every time we change | |
# a Kubernetes version number. | |
kubernetes_version: ["kubernetes:latest", "kubernetes:n-1", "kubernetes:n-2"] | |
# include defines an additional variable (the specific node | |
# image to use) for each kubernetes_version value. | |
include: | |
- kubernetes_version: "kubernetes:latest" | |
node_image: "docker.io/kindest/node:v1.31.0@sha256:53df588e04085fd41ae12de0c3fe4c72f7013bba32a20e7325357a1ac94ba865" | |
- kubernetes_version: "kubernetes:n-1" | |
node_image: "docker.io/kindest/node:v1.30.4@sha256:976ea815844d5fa93be213437e3ff5754cd599b040946b5cca43ca45c2047114" | |
- kubernetes_version: "kubernetes:n-2" | |
node_image: "docker.io/kindest/node:v1.29.8@sha256:d46b7aa29567e93b27f7531d258c372e829d7224b25e3fc6ffdefed12476d3aa" | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
persist-credentials: false | |
# Fetch history for all tags and branches so we can figure out most | |
# recent release tag. | |
fetch-depth: 0 | |
- name: Download image | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: image | |
path: image | |
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
with: | |
# * Module download cache | |
# * Build cache (Linux) | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-${{ github.job }}-go- | |
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: false | |
- name: add deps to path | |
run: | | |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
- name: upgrade tests | |
env: | |
NODEIMAGE: ${{ matrix.node_image }} | |
MULTINODE_CLUSTER: "true" | |
LOAD_PREBUILT_IMAGE: "true" | |
SKIP_GATEWAY_API_INSTALL: "true" | |
run: | | |
export CONTOUR_E2E_IMAGE="ghcr.io/projectcontour/contour:$(ls ./image/contour-*.tar | sed -E 's/.*contour-(.*).tar/\1/')" | |
make upgrade | |
test-linux: | |
needs: | |
- lint | |
- codespell | |
- codegen | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
persist-credentials: false | |
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
with: | |
# * Module download cache | |
# * Build cache (Linux) | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-${{ github.job }}-go- | |
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: false | |
- name: add deps to path | |
run: | | |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
- name: test | |
env: | |
# TODO: remove once https://github.com/golang/go/issues/65653 is fixed | |
GOEXPERIMENT: nocoverageredesign | |
run: | | |
make install | |
make check-coverage | |
- name: codeCoverage | |
if: ${{ success() }} | |
uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
files: coverage.out | |
test-osx: | |
needs: | |
- lint | |
- codespell | |
- codegen | |
runs-on: macos-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
persist-credentials: false | |
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
with: | |
# * Module download cache | |
# * Build cache (Windows) | |
path: | | |
~/go/pkg/mod | |
~/Library/Caches/go-build | |
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-${{ github.job }}-go- | |
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: false | |
- name: add deps to path | |
run: | | |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
- name: test | |
env: | |
# TODO: remove once https://github.com/golang/go/issues/65653 is fixed | |
GOEXPERIMENT: nocoverageredesign | |
run: | | |
make install | |
make check-coverage | |
gateway-conformance: | |
runs-on: ubuntu-latest | |
needs: [build-image] | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
persist-credentials: false | |
- name: Download image | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: image | |
path: image | |
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
with: | |
# * Module download cache | |
# * Build cache (Linux) | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-${{ github.job }}-go- | |
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: false | |
- name: add deps to path | |
run: | | |
./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
- name: Gateway API conformance tests | |
env: | |
LOAD_PREBUILT_IMAGE: "true" | |
run: | | |
export CONTOUR_E2E_IMAGE="ghcr.io/projectcontour/contour:$(ls ./image/contour-*.tar | sed -E 's/.*contour-(.*).tar/\1/')" | |
make gateway-conformance |