[Snyk] Security upgrade golang from 1.17.7 to 1.23.3 #204
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: [push, pull_request] | |
jobs: | |
check: | |
name: Check | |
runs-on: ubuntu-latest | |
# Execute the checks inside the container instead the VM. | |
container: golangci/golangci-lint:v1.43.0-alpine | |
steps: | |
- uses: actions/checkout@v2 | |
- run: ./scripts/check/check.sh | |
unit-test: | |
name: Unit test | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-go@v2 | |
with: | |
go-version: 1.17 | |
- run: make ci-test | |
- uses: codecov/[email protected] | |
with: | |
token: ${{ secrets.CODECOV_UPLOAD_TOKEN }} | |
file: ./.test_coverage.txt | |
fail_ci_if_error: false | |
helm-chart-test: | |
name: Helm chart test | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-go@v2 | |
with: | |
go-version: 1.17 | |
- name: Execute tests | |
env: | |
HELM_VERSION: v3.6.3 | |
run: | | |
# Get dependencies. | |
echo "Getting dependencies..." | |
curl -L https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -xz && mv ./linux-amd64/helm /usr/local/bin && chmod +x /usr/local/bin/helm | |
make ci-helm-test | |
integration-test-cli: | |
name: Integration test CLI | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-go@v2 | |
with: | |
go-version: 1.17 | |
- name: Execute tests | |
run: | | |
# Build binary. | |
echo "Building binary..." | |
make ci-build | |
sudo mv ./bin/sloth /usr/local/bin/ | |
# Execute integration tests. | |
echo "Executing integration tests..." | |
make ci-integration-cli | |
integration-test-k8s: | |
name: Integration test Kubernetes | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
kubernetes: [1.19.11, 1.20.7, 1.21.1, 1.22.0, 1.23.0] | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-go@v2 | |
with: | |
go-version: 1.17 | |
- name: Execute tests | |
env: | |
KIND_VERSION: v0.11.0 | |
run: | | |
# Get dependencies. | |
echo "Getting dependencies..." | |
curl -Lo kind https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-linux-amd64 && chmod +x kind && sudo mv kind /usr/local/bin/ | |
curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/v${{ matrix.kubernetes }}/bin/linux/amd64/kubectl && chmod +x kubectl && sudo mv kubectl /usr/local/bin/ | |
# Start cluster. | |
echo "Starting ${{ matrix.kubernetes }} Kubernetes cluster..." | |
kind create cluster --image kindest/node:v${{ matrix.kubernetes }} | |
kind get kubeconfig > /tmp/test.kubeconfig | |
# Register CRDs. | |
kubectl apply -f ./pkg/kubernetes/gen/crd/ | |
kubectl apply -f ./test/integration/crd | |
# Build binary. | |
echo "Building binary..." | |
make ci-build | |
sudo mv ./bin/sloth /usr/local/bin/ | |
# Execute integration tests. | |
echo "Executing integration tests..." | |
export SLOTH_INTEGRATION_KUBE_CONFIG=/tmp/test.kubeconfig | |
make ci-integration-k8s | |
rolling-release-images: | |
# Only on main branch. | |
if: startsWith(github.ref, 'refs/heads/main') | |
env: | |
TAG_IMAGE_LATEST: "true" | |
PROD_IMAGE_NAME: ghcr.io/${GITHUB_REPOSITORY} | |
VERSION: ${GITHUB_SHA} | |
needs: [check, unit-test, integration-test-cli, integration-test-k8s, helm-chart-test] | |
name: Release images | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Docker login | |
run: docker login ghcr.io -u ${{ github.actor }} -p "${{ secrets.GITHUB_TOKEN }}" | |
- name: Build and publish docker images | |
run: make build-publish-image-all | |
tagged-release-images: | |
# Only on tags. | |
if: startsWith(github.ref, 'refs/tags/') | |
env: | |
PROD_IMAGE_NAME: ghcr.io/${GITHUB_REPOSITORY} | |
needs: [check, unit-test, integration-test-cli, integration-test-k8s, helm-chart-test] | |
name: Tagged release images | |
runs-on: ubuntu-latest | |
steps: | |
- run: echo "VERSION=${GITHUB_REF#refs/*/}" >> ${GITHUB_ENV} # Sets VERSION env var. | |
- uses: actions/checkout@v2 | |
- name: Docker login | |
run: docker login ghcr.io -u ${{ github.actor }} -p "${{ secrets.GITHUB_TOKEN }}" | |
- name: Build and publish docker images | |
run: make build-publish-image-all | |
tagged-release-binaries: | |
# Only on tags. | |
if: startsWith(github.ref, 'refs/tags/') | |
needs: [check, unit-test, integration-test-cli, integration-test-k8s, helm-chart-test] | |
name: Tagged release binaries | |
runs-on: ubuntu-latest | |
steps: | |
- run: echo "VERSION=${GITHUB_REF#refs/*/}" >> ${GITHUB_ENV} # Sets VERSION env var. | |
- uses: actions/checkout@v2 | |
- name: Build binaries | |
run: | | |
mkdir -p ./bin | |
chmod -R 0777 ./bin | |
make build-all | |
- name: Upload binaries | |
uses: xresloader/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
file: "bin/*" | |
tags: true | |
draft: true |