chore: bump step-security/harden-runner from 2.9.0 to 2.9.1 #231
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build_test | |
on: | |
workflow_dispatch: | |
push: | |
paths-ignore: | |
- "**.md" | |
branches: | |
- main | |
pull_request: | |
paths-ignore: | |
- "**.md" | |
branches: | |
- main | |
permissions: | |
contents: read | |
jobs: | |
lint: | |
name: "Lint" | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
permissions: | |
contents: read | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
with: | |
egress-policy: audit | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.0.0 | |
- name: Set up Go 1.21 | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version-file: "go.mod" | |
# source: https://github.com/golangci/golangci-lint-action | |
- name: golangci-lint | |
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 | |
with: | |
version: v1.55.1 | |
helm_build_test: | |
name: "[Helm] Build and Test" | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
permissions: | |
contents: read | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
with: | |
egress-policy: audit | |
- name: Set up Go 1.21 | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version: 1.21 | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.0.0 | |
- name: Bootstrap e2e | |
env: | |
KIND_VERSION: 0.17.0 | |
BATS_VERSION: 1.8.2 | |
run: | | |
mkdir -p $GITHUB_WORKSPACE/bin | |
echo "${GITHUB_WORKSPACE}/bin" >> $GITHUB_PATH | |
GOBIN="${GITHUB_WORKSPACE}/bin" go install sigs.k8s.io/kind@v${KIND_VERSION} | |
curl -sSLO https://github.com/bats-core/bats-core/archive/v${BATS_VERSION}.tar.gz && tar -zxvf v${BATS_VERSION}.tar.gz && bash bats-core-${BATS_VERSION}/install.sh ${GITHUB_WORKSPACE} | |
- name: Create a kind cluster and install Gatekeeper | |
env: | |
GATEKEEPER_VERSION: 3.11.0 | |
KUBERNETES_VERSION: 1.26.0 | |
run: | | |
kind create cluster --image kindest/node:v${KUBERNETES_VERSION} --name gatekeeper | |
helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts | |
helm install gatekeeper/gatekeeper \ | |
--version ${GATEKEEPER_VERSION} \ | |
--set enableExternalData=true \ | |
--name-template=gatekeeper \ | |
--namespace gatekeeper-system \ | |
--create-namespace \ | |
--debug | |
- name: Build and install archivista-data-provider | |
run: | | |
./scripts/generate-tls-cert.sh | |
make docker-buildx kind-load-image | |
helm install archivista-data-provider charts/archivista-data-provider \ | |
--set provider.tls.caBundle="$(cat certs/ca.crt | base64 | tr -d '\n\r')" \ | |
--namespace gatekeeper-system \ | |
--wait --debug | |
- name: Run e2e | |
run: | | |
bats -t test/bats/test.bats |