deps: update checkmarx/kics-github-action action to v2.1.3 #17928
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- 'main' | |
- '[0-9]+.[1-9][0-9]*.x' | |
pull_request: | |
branches: | |
- 'main' | |
- '[0-9]+.[1-9][0-9]*.x' | |
- 'epic/*' | |
paths-ignore: | |
- "docs/**" | |
- "**.md" | |
- "netlify.toml" | |
- "mkdocs.yml" | |
- ".github/actions/spelling/*" | |
# Declare default permissions as read only. | |
permissions: read-all | |
env: | |
GO_VERSION: "~1.23" | |
# renovate: datasource=github-releases depName=kubernetes-sigs/controller-tools | |
CONTROLLER_TOOLS_VERSION: "v0.16.4" | |
ENVTEST_K8S_VERSION: "1.24.2" | |
SCHEDULER_COMPATIBLE_K8S_VERSION: "v0.24.3" | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
prepare_ci_run: | |
name: Prepare CI Run | |
runs-on: ubuntu-22.04 | |
outputs: | |
GIT_SHA: ${{ steps.extract_branch.outputs.GIT_SHA }} | |
BRANCH: ${{ steps.extract_branch.outputs.BRANCH }} | |
BRANCH_SLUG: ${{ steps.extract_branch.outputs.BRANCH_SLUG }} | |
DATETIME: ${{ steps.get_datetime.outputs.DATETIME }} | |
BUILD_TIME: ${{ steps.get_datetime.outputs.BUILD_TIME }} | |
NON_FORKED_AND_NON_ROBOT_RUN: ${{ steps.get_run_type.outputs.NON_FORKED_AND_NON_ROBOT_RUN }} | |
steps: | |
- name: Check out code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Extract branch name | |
id: extract_branch | |
uses: keptn/gh-action-extract-branch-name@6ca4fe061da10c66b2d7341fd1fb12962ad911b2 | |
- name: Get current date and time | |
id: get_datetime | |
run: | | |
DATETIME=$(date +'%Y%m%d%H%M') | |
BUILD_TIME=$(date -u "+%F_%T") | |
echo "DATETIME=$DATETIME" >> "$GITHUB_OUTPUT" | |
echo "BUILD_TIME=$BUILD_TIME" >> "$GITHUB_OUTPUT" | |
- name: Get workflow run type | |
id: get_run_type | |
env: | |
NON_FORKED_AND_NON_ROBOT_RUN: > | |
${{ | |
( github.actor != 'renovate[bot]' && github.actor != 'dependabot[bot]' ) && | |
( github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository ) | |
}} | |
run: | | |
echo "github.actor != 'renovate[bot]' = ${{ github.actor != 'renovate[bot]' }}" | |
echo "github.actor != 'dependabot[bot]' = ${{ github.actor != 'dependabot[bot]' }}" | |
echo "github.event_name == 'push' = ${{ github.event_name == 'push' }}" | |
echo "github.event.pull_request.head.repo.full_name == github.repository = \ | |
${{ github.event.pull_request.head.repo.full_name == github.repository }}" | |
echo "NON_FORKED_AND_NON_ROBOT_RUN = $NON_FORKED_AND_NON_ROBOT_RUN" | |
echo "NON_FORKED_AND_NON_ROBOT_RUN=$NON_FORKED_AND_NON_ROBOT_RUN" >> "$GITHUB_OUTPUT" | |
test: | |
name: Unit Tests | |
needs: prepare_ci_run | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
config: | |
- name: "lifecycle-operator" | |
folder: "lifecycle-operator/" | |
- name: "metrics-operator" | |
folder: "metrics-operator/" | |
- name: "scheduler" | |
folder: "scheduler/" | |
- name: "certificate-operator" | |
folder: "keptn-cert-manager/" | |
steps: | |
- name: Check out code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Set up Go 1.x | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: true | |
cache-dependency-path: '${{ matrix.config.folder }}go.sum' | |
check-latest: true | |
- name: Unit Test ${{ matrix.config.name }} | |
working-directory: ./${{ matrix.config.folder }} | |
run: make unit-test | |
- name: Report code coverage | |
uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 | |
with: | |
flags: ${{ matrix.config.name }} | |
token: ${{ secrets.CODECOV_TOKEN }} | |
build_image: | |
name: Build Docker Image | |
needs: prepare_ci_run | |
runs-on: ubuntu-22.04 | |
env: | |
BRANCH: ${{ needs.prepare_ci_run.outputs.BRANCH }} | |
DATETIME: ${{ needs.prepare_ci_run.outputs.DATETIME }} | |
BUILD_TIME: ${{ needs.prepare_ci_run.outputs.BUILD_TIME }} | |
GIT_SHA: ${{ needs.prepare_ci_run.outputs.GIT_SHA }} | |
RELEASE_REGISTRY: "localhost:5000/keptn" | |
DOCKER_BUILD_SUMMARY: "false" | |
DOCKER_BUILD_RECORD_UPLOAD: "false" | |
strategy: | |
matrix: | |
config: | |
- name: "lifecycle-operator" | |
folder: "lifecycle-operator/" | |
- name: "metrics-operator" | |
folder: "metrics-operator/" | |
- name: "scheduler" | |
folder: "scheduler/" | |
- name: "deno-runtime" | |
folder: "runtimes/deno-runtime/" | |
- name: "python-runtime" | |
folder: "runtimes/python-runtime/" | |
- name: "certificate-operator" | |
folder: "keptn-cert-manager/" | |
steps: | |
- name: Check out code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Cache build tools | |
id: cache-build-tools | |
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
with: | |
path: ./${{ matrix.config.folder }}bin | |
key: build-tools-${{ github.ref_name }} | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3 | |
- name: Build Docker Image | |
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 | |
with: | |
context: ${{ matrix.config.folder }} | |
platforms: linux/amd64,linux/arm64 | |
target: production | |
tags: | | |
${{ env.RELEASE_REGISTRY }}/${{ matrix.config.name }}:dev-${{ env.DATETIME }} | |
build-args: | | |
GIT_HASH=${{ env.GIT_SHA }} | |
RELEASE_VERSION=dev-${{ env.DATETIME }} | |
BUILD_TIME=${{ env.BUILD_TIME }} | |
CONTROLLER_TOOLS_VERSION=${{ env.CONTROLLER_TOOLS_VERSION }} | |
SCHEDULER_COMPATIBLE_K8S_VERSION=${{ env.SCHEDULER_COMPATIBLE_K8S_VERSION }} | |
builder: ${{ steps.buildx.outputs.name }} | |
push: false | |
cache-from: type=gha,scope=${{ github.ref_name }}-${{ matrix.config.name }} | |
cache-to: type=gha,scope=${{ github.ref_name }}-${{ matrix.config.name }} | |
outputs: type=oci,dest=/tmp/${{ matrix.config.name }}-image.tar | |
- name: Upload image as artifact | |
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 | |
with: | |
name: ${{ matrix.config.name }}-image.tar | |
path: /tmp/${{ matrix.config.name }}-image.tar | |
image_tag: | |
name: Store tag of the built images | |
needs: prepare_ci_run | |
runs-on: ubuntu-22.04 | |
env: | |
DATETIME: ${{ needs.prepare_ci_run.outputs.DATETIME }} | |
steps: | |
- name: Create empty file to store image tag | |
run: echo "" > tag | |
- name: Upload tag for tests | |
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 | |
with: | |
name: dev-${{ env.DATETIME }} | |
path: tag | |
component_tests: | |
name: Component Tests | |
needs: prepare_ci_run | |
uses: ./.github/workflows/component-test.yml | |
secrets: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
integration_tests: | |
name: Integration Tests | |
needs: | |
- prepare_ci_run | |
- build_image | |
strategy: | |
matrix: | |
scheduling-gates: [gates_on, gates_off] | |
cert-manager-io-enabled: [cert_manager_io_on, cert_manager_io_off] | |
exclude: | |
- scheduling-gates: gates_on | |
cert-manager-io-enabled: cert_manager_io_on | |
with: | |
runtime_tag: dev-${{ needs.prepare_ci_run.outputs.DATETIME }} | |
scheduling-gates: ${{ matrix.scheduling-gates }} | |
cert-manager-io-enabled: ${{ matrix.cert-manager-io-enabled }} | |
uses: ./.github/workflows/integration-test.yml | |
integration_tests_allowed_namespaces: | |
name: Integration Tests Allowed Namespaces | |
needs: | |
- prepare_ci_run | |
- build_image | |
with: | |
runtime_tag: dev-${{ needs.prepare_ci_run.outputs.DATETIME }} | |
type: allowed-namespaces | |
uses: ./.github/workflows/integration-test-component.yml | |
integration_tests_lifecycle: | |
name: Integration Tests Lifecycle | |
needs: | |
- prepare_ci_run | |
- build_image | |
with: | |
runtime_tag: dev-${{ needs.prepare_ci_run.outputs.DATETIME }} | |
type: lifecycle | |
uses: ./.github/workflows/integration-test-component.yml | |
integration_tests_metrics: | |
name: Integration Tests Metrics | |
needs: | |
- prepare_ci_run | |
- build_image | |
with: | |
runtime_tag: dev-${{ needs.prepare_ci_run.outputs.DATETIME }} | |
type: metrics | |
uses: ./.github/workflows/integration-test-component.yml | |
integration_tests_cert_manager: | |
name: Integration Tests Cert Manager | |
needs: | |
- prepare_ci_run | |
- build_image | |
with: | |
runtime_tag: dev-${{ needs.prepare_ci_run.outputs.DATETIME }} | |
type: cert-manager | |
uses: ./.github/workflows/integration-test-component.yml | |
load-tests: | |
name: Load Tests | |
needs: [prepare_ci_run, build_image] | |
with: | |
runtime_tag: dev-${{ needs.prepare_ci_run.outputs.DATETIME }} | |
uses: ./.github/workflows/load-test.yml | |
e2e_tests: | |
name: End to End Tests | |
needs: [prepare_ci_run, build_image] | |
with: | |
runtime_tag: dev-${{ needs.prepare_ci_run.outputs.DATETIME }} | |
uses: ./.github/workflows/e2e-test.yml | |
helm_charts_publish: | |
name: Publish helm chart changes to charts repo | |
if: github.event_name == 'push' && needs.prepare_ci_run.outputs.NON_FORKED_AND_NON_ROBOT_RUN == 'true' | |
needs: [prepare_ci_run, build_image] | |
strategy: | |
matrix: | |
config: | |
- name: keptn | |
path: chart | |
- name: keptn-lifecycle-operator | |
path: lifecycle-operator/chart | |
- name: keptn-metrics-operator | |
path: metrics-operator/chart | |
- name: keptn-cert-manager | |
path: keptn-cert-manager/chart | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Check out keptn repo | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Check out helm-charts repo | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
repository: 'keptn/lifecycle-toolkit-charts' | |
path: ./helm-charts-repository | |
token: ${{ secrets.KEPTN_BOT_TOKEN }} | |
- name: Substitue local paths with official chart URL | |
if: matrix.config.name == 'keptn' | |
working-directory: ./${{ matrix.config.path }} | |
run: | | |
# substitute local charts path with official ones | |
yq -i '.dependencies.[].repository = "https://charts.lifecycle.keptn.sh"' ./Chart.yaml | |
# update Chart.lock files | |
helm repo add keptn https://charts.lifecycle.keptn.sh | |
helm repo update | |
helm dependency update | |
helm dependency build | |
- name: Copy chart from keptn to helm repo | |
run: rsync -av --delete --exclude='charts/*.tgz' ./${{ matrix.config.path }}/ ./helm-charts-repository/charts/${{ matrix.config.name }}/ | |
- name: Create Pull Request | |
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 | |
with: | |
token: ${{ secrets.KEPTN_BOT_TOKEN }} | |
path: ./helm-charts-repository | |
commit-message: "feat: update ${{ matrix.config.name }} helm chart" | |
signoff: true | |
branch: chart-update-${{ matrix.config.name }} | |
delete-branch: true | |
base: main | |
title: "Update ${{ matrix.config.name }} Helm chart" | |
body: | | |
:robot: **This is an automated PR for updating and releasing Helm charts from keptn/lifecycle-toolkit!** :robot: |