WIP: setup workflow #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: designate-certmanager-webhook | |
| on: | |
| push: | |
| branches: | |
| - '*' | |
| tags: | |
| - v* | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| env: | |
| OS_AUTH_URL: ${{ secrets.OS_AUTH_URL }} | |
| OS_USERNAME: ${{ secrets.OS_USERNAME }} | |
| OS_PASSWORD: ${{ secrets.OS_PASSWORD }} | |
| OS_DOMAIN_ID: ${{ secrets.OS_DOMAIN_ID }} | |
| OS_DOMAIN_NAME: ${{ secrets.OS_DOMAIN_NAME }} | |
| OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} | |
| OS_APPLICATION_CREDENTIAL_NAME: ${{ secrets.OS_APPLICATION_CREDENTIAL_NAME }} | |
| OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} | |
| OS_PROJECT_NAME: ${{ secrets.OS_PROJECT_NAME }} | |
| OS_CLOUD: ${{ secrets.OS_CLOUD }} | |
| TEST_ZONE_NAME: ${{ secrets.TEST_ZONE_NAME }} | |
| REGISTRY: ${{ secrets.REGISTRY }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| outputs: | |
| run_test: false | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Cache vendor | |
| uses: actions/cache@v4 | |
| env: | |
| cache-name: cache-vendor | |
| with: | |
| path: vendor | |
| key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('go.mod') }} | |
| restore-keys: | | |
| ${{ runner.os }}-build-${{ env.cache-name }}- | |
| - name: Prepare | |
| id: prep | |
| run: | | |
| TAG=pr | |
| if [[ $GITHUB_REF == refs/tags/v* ]]; then | |
| TAG=${GITHUB_REF#refs/tags/} | |
| elif [[ $GITHUB_REF == refs/heads/* ]]; then | |
| TAG=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') | |
| fi | |
| echo "tag=${TAG}" >> $GITHUB_OUTPUT | |
| echo "Build with tag=${TAG}" | |
| - name: Setup Go environment | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.21 | |
| - name: Build binary | |
| shell: bash | |
| run: make -e REGISTRY=$REGISTRY -e TAG="${{ steps.prep.outputs.tag }}" build-in-docker | |
| # Directory created with a docker run having user root | |
| - name: Fix directory owner | |
| shell: bash | |
| run: | | |
| ls -l | |
| if [ -d out ] && [ -d vendor ]; then | |
| sudo chown -R $USER out vendor | |
| fi | |
| - name: Output | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: binaries | |
| path: out | |
| if-no-files-found: error | |
| - name: active test | |
| if: "${{ env.OS_AUTH_URL != '' }}" | |
| run: echo "run_test=true" >> "$GITHUB_OUTPUT" | |
| test: | |
| if: needs.build.outputs.run_test == 'true' | |
| name: Test | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Prepare | |
| id: prep | |
| run: | | |
| TAG=pr | |
| if [[ $GITHUB_REF == refs/tags/v* ]]; then | |
| TAG=${GITHUB_REF#refs/tags/} | |
| elif [[ $GITHUB_REF == refs/heads/* ]]; then | |
| TAG=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') | |
| fi | |
| echo "tag=${TAG}" >> $GITHUB_OUTPUT | |
| echo "Build with tag=${TAG}" | |
| - name: Cache vendor | |
| uses: actions/cache@v4 | |
| env: | |
| cache-name: cache-vendor | |
| with: | |
| path: vendor | |
| key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('go.mod') }} | |
| restore-keys: | | |
| ${{ runner.os }}-build-${{ env.cache-name }}- | |
| - name: fetch hack | |
| shell: bash | |
| run: ./scripts/fetch-test-binaries.sh | |
| - name: test | |
| shell: bash | |
| run: ./scripts/test.sh | |
| - name: Fix directory owner | |
| shell: bash | |
| run: | | |
| ls -l | |
| if [ -d vendor ]; then | |
| sudo chown -R $USER vendor | |
| fi | |
| sonarcloud: | |
| if: startsWith(github.ref, 'refs/heads/') | |
| name: SonarCloud | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| - name: SonarCloud Scan | |
| uses: SonarSource/sonarcloud-github-action@master | |
| # Directory created with a docker run having user root | |
| - name: Prepare SonarCloud | |
| shell: bash | |
| run: sudo chown -R $USER .scannerwork | |
| deploy: | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| needs: build | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Prepare | |
| id: prep | |
| run: | | |
| TAG=pr | |
| if [[ $GITHUB_REF == refs/tags/v* ]]; then | |
| TAG=${GITHUB_REF#refs/tags/} | |
| elif [[ $GITHUB_REF == refs/heads/* ]]; then | |
| TAG=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') | |
| fi | |
| echo "tag=${TAG}" >> $GITHUB_OUTPUT | |
| echo "Build with tag=${TAG}" | |
| - name: Setup Go environment | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.21 | |
| - name: Setup docker buildx | |
| uses: docker/setup-buildx-action@v2.2.1 | |
| - name: Download binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: binaries | |
| path: out | |
| - name: Prepare docker buildx | |
| shell: bash | |
| run: | | |
| docker buildx version; | |
| echo "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USERNAME}" --password-stdin; | |
| docker buildx create --use | |
| - name: Build docker image | |
| shell: bash | |
| run: | | |
| make -e REGISTRY=$REGISTRY -e TAG="${{ steps.prep.outputs.tag }}" push-manifest | |
| - name: Prepare Release | |
| shell: bash | |
| run: | | |
| cp out/linux/amd64/designate-certmanager-webhook designate-certmanager-webhook-amd64 | |
| cp out/linux/arm64/designate-certmanager-webhook designate-certmanager-webhook-arm64 | |
| - name: Release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| tag_name: ${{ steps.prep.outputs.tag }} | |
| draft: false | |
| files: | | |
| designate-certmanager-webhook-amd64 | |
| designate-certmanager-webhook-arm64 |