Skip to content

deps: update github/codeql-action action to v3.24.9 #15927

deps: update github/codeql-action action to v3.24.9

deps: update github/codeql-action action to v3.24.9 #15927

Workflow file for this run

name: CI
on:
push:
branches:
- 'main'
- '[0-9]+.[1-9][0-9]*.x'
pull_request:
branches:
- 'main'
- '[0-9]+.[1-9][0-9]*.x'
- 'epic/*'
paths-ignore:
- "docs/**"
- "**.md"
- "netlify.toml"
- "mkdocs.yml"
- ".github/actions/spelling/*"
# Declare default permissions as read only.
permissions: read-all
env:
GO_VERSION: "~1.21"
# renovate: datasource=github-releases depName=kubernetes-sigs/controller-tools
CONTROLLER_TOOLS_VERSION: "v0.13.0"
ENVTEST_K8S_VERSION: "1.24.2"
SCHEDULER_COMPATIBLE_K8S_VERSION: "v0.24.3"
defaults:
run:
shell: bash
jobs:
prepare_ci_run:
name: Prepare CI Run
runs-on: ubuntu-22.04
outputs:
GIT_SHA: ${{ steps.extract_branch.outputs.GIT_SHA }}
BRANCH: ${{ steps.extract_branch.outputs.BRANCH }}
BRANCH_SLUG: ${{ steps.extract_branch.outputs.BRANCH_SLUG }}
DATETIME: ${{ steps.get_datetime.outputs.DATETIME }}
BUILD_TIME: ${{ steps.get_datetime.outputs.BUILD_TIME }}
NON_FORKED_AND_NON_ROBOT_RUN: ${{ steps.get_run_type.outputs.NON_FORKED_AND_NON_ROBOT_RUN }}
steps:
- name: Check out code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Extract branch name
id: extract_branch
uses: keptn/gh-action-extract-branch-name@6ca4fe061da10c66b2d7341fd1fb12962ad911b2
- name: Get current date and time
id: get_datetime
run: |
DATETIME=$(date +'%Y%m%d%H%M')
BUILD_TIME=$(date -u "+%F_%T")
echo "DATETIME=$DATETIME" >> "$GITHUB_OUTPUT"
echo "BUILD_TIME=$BUILD_TIME" >> "$GITHUB_OUTPUT"
- name: Get workflow run type
id: get_run_type
env:
NON_FORKED_AND_NON_ROBOT_RUN: >
${{
( github.actor != 'renovate[bot]' && github.actor != 'dependabot[bot]' ) &&
( github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository )
}}
run: |
echo "github.actor != 'renovate[bot]' = ${{ github.actor != 'renovate[bot]' }}"
echo "github.actor != 'dependabot[bot]' = ${{ github.actor != 'dependabot[bot]' }}"
echo "github.event_name == 'push' = ${{ github.event_name == 'push' }}"
echo "github.event.pull_request.head.repo.full_name == github.repository = \
${{ github.event.pull_request.head.repo.full_name == github.repository }}"
echo "NON_FORKED_AND_NON_ROBOT_RUN = $NON_FORKED_AND_NON_ROBOT_RUN"
echo "NON_FORKED_AND_NON_ROBOT_RUN=$NON_FORKED_AND_NON_ROBOT_RUN" >> "$GITHUB_OUTPUT"
test:
name: Unit Tests
needs: prepare_ci_run
runs-on: ubuntu-22.04
strategy:
matrix:
config:
- name: "lifecycle-operator"
folder: "lifecycle-operator/"
- name: "metrics-operator"
folder: "metrics-operator/"
- name: "scheduler"
folder: "scheduler/"
- name: "certificate-operator"
folder: "keptn-cert-manager/"
steps:
- name: Check out code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Go 1.x
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
cache-dependency-path: '${{ matrix.config.folder }}go.sum'
check-latest: true
- name: Unit Test ${{ matrix.config.name }}
working-directory: ./${{ matrix.config.folder }}
run: make unit-test
- name: Report code coverage
uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4
with:
flags: ${{ matrix.config.name }}
token: ${{ secrets.CODECOV_TOKEN }}
build_image:
name: Build Docker Image
needs: prepare_ci_run
runs-on: ubuntu-22.04
env:
BRANCH: ${{ needs.prepare_ci_run.outputs.BRANCH }}
DATETIME: ${{ needs.prepare_ci_run.outputs.DATETIME }}
BUILD_TIME: ${{ needs.prepare_ci_run.outputs.BUILD_TIME }}
GIT_SHA: ${{ needs.prepare_ci_run.outputs.GIT_SHA }}
RELEASE_REGISTRY: "localhost:5000/keptn"
strategy:
matrix:
config:
- name: "lifecycle-operator"
folder: "lifecycle-operator/"
- name: "metrics-operator"
folder: "metrics-operator/"
- name: "scheduler"
folder: "scheduler/"
- name: "deno-runtime"
folder: "runtimes/deno-runtime/"
- name: "python-runtime"
folder: "runtimes/python-runtime/"
- name: "certificate-operator"
folder: "keptn-cert-manager/"
steps:
- name: Check out code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Cache build tools
id: cache-build-tools
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: ./${{ matrix.config.folder }}bin
key: build-tools-${{ github.ref_name }}
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3
- name: Build Docker Image
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: ${{ matrix.config.folder }}
platforms: linux/amd64,linux/arm64
target: production
tags: |
${{ env.RELEASE_REGISTRY }}/${{ matrix.config.name }}:dev-${{ env.DATETIME }}
build-args: |
GIT_HASH=${{ env.GIT_SHA }}
RELEASE_VERSION=dev-${{ env.DATETIME }}
BUILD_TIME=${{ env.BUILD_TIME }}
CONTROLLER_TOOLS_VERSION=${{ env.CONTROLLER_TOOLS_VERSION }}
SCHEDULER_COMPATIBLE_K8S_VERSION=${{ env.SCHEDULER_COMPATIBLE_K8S_VERSION }}
builder: ${{ steps.buildx.outputs.name }}
push: false
cache-from: type=gha,scope=${{ github.ref_name }}-${{ matrix.config.name }}
cache-to: type=gha,scope=${{ github.ref_name }}-${{ matrix.config.name }}
outputs: type=oci,dest=/tmp/${{ matrix.config.name }}-image.tar
- name: Upload image as artifact
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4
with:
name: ${{ matrix.config.name }}-image.tar
path: /tmp/${{ matrix.config.name }}-image.tar
image_tag:
name: Store tag of the built images
needs: prepare_ci_run
runs-on: ubuntu-22.04
env:
DATETIME: ${{ needs.prepare_ci_run.outputs.DATETIME }}
steps:
- name: Create empty file to store image tag
run: echo "" > tag
- name: Upload tag for tests
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4
with:
name: dev-${{ env.DATETIME }}
path: tag
component_tests:
name: Component Tests
needs: prepare_ci_run
uses: ./.github/workflows/component-test.yml
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
integration_tests:
name: Integration Tests
needs:
- prepare_ci_run
- build_image
strategy:
matrix:
scheduling-gates: [gates_on, gates_off]
allowed-namespaces: [allowed_ns_on, allowed_ns_off]
cert-manager-io-enabled: [cert_manager_io_on, cert_manager_io_off]
with:
runtime_tag: dev-${{ needs.prepare_ci_run.outputs.DATETIME }}
scheduling-gates: ${{ matrix.scheduling-gates }}
allowed-namespaces: ${{ matrix.allowed-namespaces }}
cert-manager-io-enabled: ${{ matrix.cert-manager-io-enabled }}
uses: ./.github/workflows/integration-test.yml
load-tests:
name: Load Tests
needs: [prepare_ci_run, build_image]
with:
runtime_tag: dev-${{ needs.prepare_ci_run.outputs.DATETIME }}
uses: ./.github/workflows/load-test.yml
e2e_tests:
name: End to End Tests
needs: [prepare_ci_run, build_image]
with:
runtime_tag: dev-${{ needs.prepare_ci_run.outputs.DATETIME }}
uses: ./.github/workflows/e2e-test.yml
helm_charts_publish:
name: Publish helm chart changes to charts repo
if: github.event_name == 'push' && needs.prepare_ci_run.outputs.NON_FORKED_AND_NON_ROBOT_RUN == 'true'
needs: [prepare_ci_run, build_image]
strategy:
matrix:
config:
- name: keptn
path: chart
- name: keptn-lifecycle-operator
path: lifecycle-operator/chart
- name: keptn-metrics-operator
path: metrics-operator/chart
- name: keptn-cert-manager
path: keptn-cert-manager/chart
runs-on: ubuntu-22.04
steps:
- name: Check out keptn repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Check out helm-charts repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: 'keptn/lifecycle-toolkit-charts'
path: ./helm-charts-repository
token: ${{ secrets.KEPTN_BOT_TOKEN }}
- name: Substitue local paths with official chart URL
if: matrix.config.name == 'keptn'
working-directory: ./${{ matrix.config.path }}
run: |
# substitute local charts path with official ones
yq -i '.dependencies.[].repository = "https://charts.lifecycle.keptn.sh"' ./Chart.yaml
# update Chart.lock files
helm repo add keptn https://charts.lifecycle.keptn.sh
helm repo update
helm dependency update
helm dependency build
- name: Copy chart from keptn to helm repo
run: rsync -av --delete --exclude='charts/*.tgz' ./${{ matrix.config.path }}/ ./helm-charts-repository/charts/${{ matrix.config.name }}/
- name: Create Pull Request
uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e # v6.0.2
with:
token: ${{ secrets.KEPTN_BOT_TOKEN }}
path: ./helm-charts-repository
commit-message: "feat: update ${{ matrix.config.name }} helm chart"
signoff: true
branch: chart-update-${{ matrix.config.name }}
delete-branch: true
base: main
title: "Update ${{ matrix.config.name }} Helm chart"
body: |
:robot: **This is an automated PR for updating and releasing Helm charts from keptn/lifecycle-toolkit!** :robot: