vnext #1619
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
push: | |
# Publish `main` as Docker `latest` image. | |
branches: | |
- main | |
- dev | |
- dev-* | |
- release-* | |
# Publish `v1.2.3` tags as releases. | |
tags: | |
- v* | |
# Run tests for all PRs | |
pull_request: | |
env: | |
VAULT_ADDR: https://vault.eng.aserto.com/ | |
PRE_RELEASE: ${{ github.ref == 'refs/heads/main' && 'main' || '' }} | |
GO_VERSION: "1.23" | |
GO_RELEASER_VERSION: "v2.3.2" | |
GO_LANGCI_LINT_VERSION: "v1.61.0" | |
GO_TESTSUM_VERSION: "1.11.0" | |
SYFT_VERSION: "v1.13.0" | |
jobs: | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- | |
name: Read Configuration | |
uses: hashicorp/vault-action@v3 | |
id: vault | |
with: | |
url: https://vault.eng.aserto.com/ | |
token: ${{ secrets.VAULT_TOKEN }} | |
secrets: | | |
kv/data/github "SSH_PRIVATE_KEY" | SSH_PRIVATE_KEY; | |
kv/data/github "USERNAME" | DOCKER_USERNAME; | |
kv/data/github "DOCKER_PUSH_TOKEN" | DOCKER_PASSWORD; | |
kv/data/github "READ_WRITE_TOKEN" | READ_WRITE_TOKEN; | |
- | |
uses: actions/checkout@v4 | |
- | |
name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- | |
name: Setup QEMU | |
uses: docker/setup-qemu-action@v3 | |
- | |
name: Login to GitHub Packages Docker Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: https://ghcr.io | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- | |
name: Docker SSH Setup | |
run: | | |
mkdir -p $HOME/.ssh | |
umask 0077 && echo -e "${SSH_PRIVATE_KEY}" > $HOME/.ssh/id_rsa | |
ssh-keyscan github.com >> $HOME/.ssh/known_hosts | |
git config --global url."[email protected]:".insteadOf https://github.com/ | |
git config --global user.email "[email protected]" | |
git config --global user.name "Aserto Bot" | |
eval `ssh-agent` | |
ssh-add $HOME/.ssh/id_rsa | |
- | |
name: Build | |
uses: goreleaser/goreleaser-action@v6 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
distribution: goreleaser | |
version: ${{ env.GO_RELEASER_VERSION }} | |
args: build --clean --snapshot --single-target | |
- | |
name: Lint | |
uses: golangci/golangci-lint-action@v6 | |
with: | |
version: ${{ env.GO_LANGCI_LINT_VERSION }} | |
args: --timeout=30m | |
- | |
name: Test Snapshot | |
uses: goreleaser/goreleaser-action@v6 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
distribution: goreleaser | |
version: ${{ env.GO_RELEASER_VERSION }} | |
args: release --clean --snapshot --config .goreleaser-test.yml | |
- | |
name: Test Setup | |
uses: gertd/[email protected] | |
with: | |
gotestsum_version: ${{ env.GO_TESTSUM_VERSION }} | |
- | |
name: Test | |
run: | | |
gotestsum --format short-verbose -- -count=1 -parallel=1 -v -timeout=120s -coverprofile=cover.out -coverpkg=./... ./... | |
- | |
name: Upload code coverage | |
uses: shogo82148/actions-goveralls@v1 | |
continue-on-error: true | |
with: | |
path-to-profile: cover.out | |
push: | |
runs-on: ubuntu-latest | |
# when on a branch only push if the branch is main | |
# always push when ref is a tag | |
if: github.event_name == 'push' && ( github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release-') || startsWith(github.ref, 'refs/heads/dev-') || startsWith(github.ref, 'refs/tags/v') ) | |
steps: | |
- | |
name: Read Configuration | |
uses: hashicorp/vault-action@v3 | |
id: vault | |
with: | |
url: https://vault.eng.aserto.com/ | |
token: ${{ secrets.VAULT_TOKEN }} | |
secrets: | | |
kv/data/github "SSH_PRIVATE_KEY" | SSH_PRIVATE_KEY; | |
kv/data/github "USERNAME" | DOCKER_USERNAME; | |
kv/data/github "DOCKER_PUSH_TOKEN" | DOCKER_PASSWORD; | |
kv/data/github "READ_WRITE_TOKEN" | READ_WRITE_TOKEN; | |
- | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- | |
name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- | |
name: Setup QEMU | |
uses: docker/setup-qemu-action@v3 | |
- | |
name: Login to GitHub Packages Docker Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: https://ghcr.io | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- | |
name: Docker SSH Setup | |
run: | | |
mkdir -p $HOME/.ssh | |
umask 0077 && echo -e "${SSH_PRIVATE_KEY}" > $HOME/.ssh/id_rsa | |
ssh-keyscan github.com >> $HOME/.ssh/known_hosts | |
git config --global url."[email protected]:".insteadOf https://github.com/ | |
git config --global user.email "[email protected]" | |
git config --global user.name "Aserto Bot" | |
eval `ssh-agent` | |
ssh-add $HOME/.ssh/id_rsa | |
- | |
name: Wait for tests to succeed | |
uses: fountainhead/[email protected] | |
id: wait-for-tests | |
with: | |
token: ${{ env.READ_WRITE_TOKEN }} | |
checkName: test | |
ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
- | |
name: Stop if tests fail | |
if: steps.wait-for-tests.outputs.conclusion != 'success' | |
run: exit 1 | |
- | |
name: Setup syft | |
uses: anchore/sbom-action/download-syft@v0 | |
with: | |
syft-version: ${{ env.SYFT_VERSION }} | |
- | |
name: Push image to GitHub Container Registry | |
uses: goreleaser/goreleaser-action@v6 | |
with: | |
distribution: goreleaser | |
version: ${{ env.GO_RELEASER_VERSION }} | |
args: release --clean --snapshot | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
release: | |
needs: [test, push] | |
runs-on: ubuntu-latest | |
# Only release when ref is a tag | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | |
steps: | |
- | |
name: Read Configuration | |
uses: hashicorp/vault-action@v3 | |
id: vault | |
with: | |
url: https://vault.eng.aserto.com/ | |
token: ${{ secrets.VAULT_TOKEN }} | |
secrets: | | |
kv/data/github "SSH_PRIVATE_KEY" | SSH_PRIVATE_KEY; | |
kv/data/github "USERNAME" | DOCKER_USERNAME; | |
kv/data/github "DOCKER_PUSH_TOKEN" | DOCKER_PASSWORD; | |
kv/data/github "READ_WRITE_TOKEN" | READ_WRITE_TOKEN; | |
kv/data/github "ASERTO_TAP" | ASERTO_TAP; | |
- | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- | |
name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- | |
name: Setup QEMU | |
uses: docker/setup-qemu-action@v3 | |
- | |
name: Login to GitHub Packages Docker Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: https://ghcr.io | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- | |
name: Docker SSH Setup | |
run: | | |
mkdir -p $HOME/.ssh | |
umask 0077 && echo -e "${SSH_PRIVATE_KEY}" > $HOME/.ssh/id_rsa | |
ssh-keyscan github.com >> $HOME/.ssh/known_hosts | |
git config --global url."[email protected]:".insteadOf https://github.com/ | |
git config --global user.email "[email protected]" | |
git config --global user.name "Aserto Bot" | |
eval `ssh-agent` | |
ssh-add $HOME/.ssh/id_rsa | |
- | |
name: Setup syft | |
uses: anchore/sbom-action/download-syft@v0 | |
with: | |
syft-version: ${{ env.SYFT_VERSION }} | |
- | |
name: Release | |
uses: goreleaser/goreleaser-action@v6 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
HOMEBREW_TAP: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
distribution: goreleaser | |
version: ${{ env.GO_RELEASER_VERSION }} | |
args: release --clean | |
- | |
name: Archive deployment examples | |
run: | | |
cd docs/deployments/sidecar-deployment && zip topaz_deployment_examples.zip *.yaml | |
- | |
name: Upload deployment examples | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
file: docs/deployments/sidecar-deployment | |
asset_name: topaz_deployment_examples.zip | |
tag: ${{ github.ref }} | |
overwrite: false | |
msi: | |
needs: release | |
runs-on: windows-latest | |
steps: | |
- | |
name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- | |
name: Read Configuration | |
uses: hashicorp/vault-action@v3 | |
id: vault | |
with: | |
url: ${{ env.VAULT_ADDR }} | |
token: ${{ secrets.VAULT_TOKEN }} | |
secrets: | | |
kv/data/github "ROOT_TOKEN" | ROOT_TOKEN; | |
- | |
name: Download exe | |
id: download_exe | |
shell: bash | |
run: | | |
gh release download "${GITHUB_REF#refs/tags/}" -p "topaz_windows_x86_64.zip" | |
printf "zip=%s\n" *.zip >> $GITHUB_OUTPUT | |
unzip -o *.zip && rm -v *.zip | |
env: | |
GITHUB_TOKEN: ${{ steps.vault.outputs.ROOT_TOKEN }} | |
- | |
name: Install go-msi | |
run: choco install -y "go-msi" | |
- | |
name: Prepare PATH | |
shell: bash | |
run: | | |
echo "$WIX\\bin" >> $GITHUB_PATH | |
echo "C:\\Program Files\\go-msi" >> $GITHUB_PATH | |
- | |
name: Build MSI | |
id: buildmsi | |
shell: bash | |
env: | |
ZIP_FILE: ${{ steps.download_exe.outputs.zip }} | |
run: | | |
mkdir -p build | |
msi="$(basename "$ZIP_FILE" ".zip").msi" | |
printf "msi=${msi}" >> $GITHUB_OUTPUT | |
go-msi make --arch amd64 --msi "$PWD/$msi" --out "$PWD/build" --version "${GITHUB_REF#refs/tags/}" | |
- | |
name: Upload MSI | |
shell: bash | |
run: | | |
tag_name="${GITHUB_REF#refs/tags/}" | |
gh release upload "$tag_name" "$MSI_FILE" --repo aserto-dev/topaz --clobber | |
env: | |
MSI_FILE: ${{ steps.buildmsi.outputs.msi }} | |
GITHUB_TOKEN: ${{ steps.vault.outputs.ROOT_TOKEN }} |