

Merge pull request #10 from jvanz/main
Build, test and release using reusable GitHub Actions workflows.
flavio authored Jan 26, 2022
2 parents 24948b0 + 91325e9 commit 61c9fce
Showing 2 changed files with 21 additions and 97 deletions.
114 changes: 17 additions & 97 deletions .github/workflows/release.yml
Expand Up @@ -5,106 +5,26 @@ on:
tags:
- 'v*'

name: Publish Wasm module
name: Release policy

jobs:

test:
name: Test Suite
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- uses: actions-rs/cargo@v1
with:
command: test
name: run tests and linters
uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-rust.yml@v1

build:
name: Build and publish policy
runs-on: ubuntu-latest
release:
needs: test
env:
WASM_BINARY_NAME: allow_privilege_escalation_psp
OCI_TARGET: ghcr.io/kubewarden/policies/allow-privilege-escalation-psp
METADATA_FILE: metadata.yml
KWCTL_VERSION: v0.1.9
steps:
-
name: Checkout code
uses: actions/checkout@v2
-
name: Prepare Rust environment
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
target: wasm32-unknown-unknown
-
name: Download kwctl
run: |
curl -L https://github.com/kubewarden/kwctl/releases/download/${{env.KWCTL_VERSION}}/kwctl-linux-amd64.zip -o kwctl.zip
unzip kwctl.zip
chmod 755 kwctl
-
name: Build Wasm module
uses: actions-rs/cargo@v1
with:
command: build
args: --target=wasm32-unknown-unknown --release
-
name: Annotate Wasm module
run: |
./kwctl annotate -m ${{ env.METADATA_FILE }} -o policy-annotated.wasm target/wasm32-unknown-unknown/release/${WASM_BINARY_NAME}.wasm
permissions:
# Required to push to GHCR
contents: write
packages: write
# Required by cosign keyless signing
id-token: write

-
name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Publish Wasm policy artifact to OCI registry with the 'latest' tag
if: ${{ startsWith(github.ref, 'refs/heads/') }}
run: |
./kwctl push policy-annotated.wasm ${{ env.OCI_TARGET }}:latest
-
name: Publish Wasm policy artifact to OCI registry with the version tag and 'latest'
if: ${{ startsWith(github.ref, 'refs/tags/') }}
run: |
export OCI_TAG=$(echo $GITHUB_REF | sed -e "s|refs/tags/||")
./kwctl push policy-annotated.wasm ${{ env.OCI_TARGET }}:${OCI_TAG}
-
name: Create Release
if: ${{ startsWith(github.ref, 'refs/tags/') }}
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
draft: false
prerelease: false
-
name: Upload Release Asset
if: ${{ startsWith(github.ref, 'refs/tags/') }}
id: upload-release-asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: policy-annotated.wasm
asset_name: policy.wasm
asset_content_type: application/wasm
-
name: Notify policy-hub
if: ${{ startsWith(github.ref, 'refs/tags/') }}
uses: kubewarden/notify-policy-hub@main
with:
USERNAME: chimera-kube-bot
PAT: ${{ secrets.WORKFLOW_PAT }}
uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-rust.yml@v1
with:
input-wasm: allow_privilege_escalation_psp
oci-target: ghcr.io/${{ github.repository_owner }}/policies/allow-privilege-escalation-psp
secrets:
workflow-pat: ${{ secrets.WORKFLOW_PAT }}
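Review bot: Both `uses:` lines pin the reusable workflows only to the mutable tag `@v1`, while the `release` job delegates `contents: write`, `packages: write`, `id-token: write` and `secrets.WORKFLOW_PAT` to whatever that tag resolves to at run time. A moved or retagged `v1` in `kubewarden/github-actions` would run with this repository's push rights and keyless-signing identity, so I would pin each reference to a full commit SHA and keep the tag as a comment, e.g. `uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-rust.yml@<full-commit-sha> # v1`. The `test` job declares no `permissions:` and therefore inherits the repository default for `GITHUB_TOKEN`; adding `permissions:` with `contents: read` there would keep the test run read-only, assuming the reusable test workflow needs nothing more (it is not visible on this page). The comment `# Required to push to GHCR` sits above `contents: write`, although the GHCR push is presumably covered by `packages: write`; it would help to state what `contents: write` is for (likely creating the GitHub release).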
4 changes: 4 additions & 0 deletions Makefile
Expand Up @@ -28,3 +28,7 @@ test: fmt lint
.PHONY: clean
clean:
cargo clean

.PHONY: e2e-tests
e2e-tests:
@echo "Dummy target to allow using the reusable github actions to build, test and release policies"
