mirror of
https://github.com/kubereboot/kured.git
synced 2026-05-06 00:17:24 +00:00
03be903f52
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](1d97d84f0b...82202e5e9c)
---
updated-dependencies:
- dependency-name: lycheeverse/lychee-action
dependency-version: 2.4.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
183 lines
6.9 KiB
YAML
183 lines
6.9 KiB
YAML
name: PR
|
|
on:
|
|
pull_request:
|
|
push:
|
|
|
|
jobs:
|
|
pr-short-tests:
|
|
name: Run short go tests
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: checkout
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- name: Ensure go version
|
|
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
check-latest: true
|
|
- name: run tests
|
|
run: make test
|
|
- name: Annotate tests
|
|
if: always()
|
|
uses: guyarb/golang-test-annoations@2941118d7ef622b1b3771d1ff6eae9e90659eb26 # v0.8.0
|
|
with:
|
|
test-results: test.json
|
|
|
|
|
|
pr-check-docs-links:
|
|
name: Check docs for incorrect links
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- name: Link Checker
|
|
uses: lycheeverse/lychee-action@82202e5e9c2f4ef1a55a3d02563e1cb6041e5332
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
|
with:
|
|
args: --verbose --no-progress '*.md' '*.yaml' '*/*/*.go' --exclude-link-local
|
|
fail: true
|
|
|
|
# This should not be made a mandatory test
|
|
# It is only used to make us aware of any potential security failure, that
|
|
# should trigger a bump of the image in build/.
|
|
pr-vuln-scan:
|
|
name: Build image and scan it against known vulnerabilities
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- name: Ensure go version
|
|
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
check-latest: true
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
|
|
- name: Setup GoReleaser
|
|
run: make bootstrap-tools
|
|
- name: Find current tag version
|
|
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
|
|
id: tags
|
|
- name: Build image
|
|
run: VERSION="${{ steps.tags.outputs.sha_short }}" DH_ORG="${{ github.repository_owner }}" make image
|
|
- name: Run Trivy vulnerability scanner
|
|
uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
|
|
with:
|
|
image-ref: 'ghcr.io/${{ github.repository }}:${{ steps.tags.outputs.sha_short }}'
|
|
format: 'table'
|
|
exit-code: '1'
|
|
ignore-unfixed: true
|
|
vuln-type: 'os,library'
|
|
severity: 'CRITICAL,HIGH'
|
|
|
|
# This ensures the latest code works with the manifests built from tree.
|
|
# It is useful for two things:
|
|
# - Test manifests changes (obviously), ensuring they don't break existing clusters
|
|
# - Ensure manifests work with the latest versions even with no manifest change
|
|
# (compared to helm charts, manifests cannot easily template changes based on versions)
|
|
# Helm charts are _trailing_ releases, while manifests are done during development.
|
|
# This test uses the "command" reboot-method.
|
|
e2e-manifests:
|
|
name: End-to-End test with kured with code and manifests from HEAD
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
testname:
|
|
- "TestE2EWithCommand"
|
|
- "TestE2EWithSignal"
|
|
- "TestE2EConcurrentWithCommand"
|
|
- "TestE2EConcurrentWithSignal"
|
|
kubernetes_version:
|
|
- "previous"
|
|
- "current"
|
|
- "next"
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- name: Ensure go version
|
|
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
check-latest: true
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
|
|
- name: Setup GoReleaser
|
|
run: make bootstrap-tools
|
|
- name: Find current tag version
|
|
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
|
|
id: tags
|
|
- name: Install kind
|
|
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
|
|
with:
|
|
install_only: true
|
|
version: v0.27.0
|
|
- name: Run specific e2e tests
|
|
run: make e2e-test ARGS="-run ^${{ matrix.testname }}/${{ matrix.kubernetes_version }}"
|
|
|
|
|
|
e2e-tests-singleversion:
|
|
name: End-to-End test targetting a single version of kubernetes
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
testname:
|
|
- "TestCordonningIsKept/concurrency1"
|
|
- "TestCordonningIsKept/concurrency2"
|
|
- "TestE2EBlocker/podblocker"
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- name: Ensure go version
|
|
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
check-latest: true
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
|
|
- name: Setup GoReleaser
|
|
run: make bootstrap-tools
|
|
- name: Find current tag version
|
|
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
|
|
id: tags
|
|
- name: Install kind
|
|
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
|
|
with:
|
|
install_only: true
|
|
version: v0.27.0
|
|
# Keep this until v1.31 (or superior) becomes the default kubectl version for the kind-action.
|
|
# It is used in podblocker shell script test to use --all-pods.
|
|
# If the podblocker e2e test relies on another way, this can also be removed.
|
|
kubectl_version: v1.31.0
|
|
- name: Run specific e2e tests
|
|
run: make e2e-test ARGS="-run ^${{ matrix.testname }}"
|