mirror of
https://github.com/kubereboot/kured.git
synced 2026-05-06 00:17:24 +00:00
3ca4a06257
* Update go version k8s deps and images * update kind as well Signed-off-by: Daniel Holbach <daniel.holbach@gmail.com> Signed-off-by: Jean-Philippe Evrard <open-source@a.spamming.party>
183 lines
6.9 KiB
YAML
183 lines
6.9 KiB
YAML
name: PR
|
|
on:
|
|
pull_request:
|
|
push:
|
|
|
|
jobs:
|
|
pr-short-tests:
|
|
name: Run short go tests
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: checkout
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- name: Ensure go version
|
|
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
check-latest: true
|
|
- name: run tests
|
|
run: make test
|
|
- name: Annotate tests
|
|
if: always()
|
|
uses: guyarb/golang-test-annoations@2941118d7ef622b1b3771d1ff6eae9e90659eb26 # v0.8.0
|
|
with:
|
|
test-results: test.json
|
|
|
|
|
|
pr-check-docs-links:
|
|
name: Check docs for incorrect links
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- name: Link Checker
|
|
uses: lycheeverse/lychee-action@f613c4a64e50d792e0b31ec34bbcbba12263c6a6
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
|
with:
|
|
args: --verbose --no-progress '*.md' '*.yaml' '*/*/*.go' --exclude-link-local
|
|
fail: true
|
|
|
|
# This should not be made a mandatory test
|
|
# It is only used to make us aware of any potential security failure, that
|
|
# should trigger a bump of the image in build/.
|
|
pr-vuln-scan:
|
|
name: Build image and scan it against known vulnerabilities
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- name: Ensure go version
|
|
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
check-latest: true
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
|
|
- name: Setup GoReleaser
|
|
run: make bootstrap-tools
|
|
- name: Find current tag version
|
|
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
|
|
id: tags
|
|
- name: Build image
|
|
run: VERSION="${{ steps.tags.outputs.sha_short }}" DH_ORG="${{ github.repository_owner }}" make image
|
|
- name: Run Trivy vulnerability scanner
|
|
uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0
|
|
with:
|
|
image-ref: 'ghcr.io/${{ github.repository }}:${{ steps.tags.outputs.sha_short }}'
|
|
format: 'table'
|
|
exit-code: '1'
|
|
ignore-unfixed: true
|
|
vuln-type: 'os,library'
|
|
severity: 'CRITICAL,HIGH'
|
|
|
|
# This ensures the latest code works with the manifests built from tree.
|
|
# It is useful for two things:
|
|
# - Test manifests changes (obviously), ensuring they don't break existing clusters
|
|
# - Ensure manifests work with the latest versions even with no manifest change
|
|
# (compared to helm charts, manifests cannot easily template changes based on versions)
|
|
# Helm charts are _trailing_ releases, while manifests are done during development.
|
|
# This test uses the "command" reboot-method.
|
|
e2e-manifests:
|
|
name: End-to-End test with kured with code and manifests from HEAD
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
testname:
|
|
- "TestE2EWithCommand"
|
|
- "TestE2EWithSignal"
|
|
- "TestE2EConcurrentWithCommand"
|
|
- "TestE2EConcurrentWithSignal"
|
|
kubernetes_version:
|
|
- "previous"
|
|
- "current"
|
|
- "next"
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- name: Ensure go version
|
|
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
check-latest: true
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
|
|
- name: Setup GoReleaser
|
|
run: make bootstrap-tools
|
|
- name: Find current tag version
|
|
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
|
|
id: tags
|
|
- name: Install kind
|
|
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
|
|
with:
|
|
install_only: true
|
|
version: v0.27.0
|
|
- name: Run specific e2e tests
|
|
run: make e2e-test ARGS="-run ^${{ matrix.testname }}/${{ matrix.kubernetes_version }}"
|
|
|
|
|
|
e2e-tests-singleversion:
|
|
name: End-to-End test targetting a single version of kubernetes
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
testname:
|
|
- "TestCordonningIsKept/concurrency1"
|
|
- "TestCordonningIsKept/concurrency2"
|
|
- "TestE2EBlocker/podblocker"
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- name: Ensure go version
|
|
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
check-latest: true
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
|
|
- name: Setup GoReleaser
|
|
run: make bootstrap-tools
|
|
- name: Find current tag version
|
|
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
|
|
id: tags
|
|
- name: Install kind
|
|
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
|
|
with:
|
|
install_only: true
|
|
version: v0.27.0
|
|
# Keep this until v1.31 (or superior) becomes the default kubectl version for the kind-action.
|
|
# It is used in podblocker shell script test to use --all-pods.
|
|
# If the podblocker e2e test relies on another way, this can also be removed.
|
|
kubectl_version: v1.31.0
|
|
- name: Run specific e2e tests
|
|
run: make e2e-test ARGS="-run ^${{ matrix.testname }}"
|