Improvements from vynil #48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
tags: | |
- '*' | |
jobs: | |
docker: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
# Setup qemu for multi-arch support | |
- name: Docker Setup qemu-action | |
uses: docker/setup-qemu-action@v3 | |
# Build and push with docker buildx | |
- name: Setup docker buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Configure tags based on git tags + latest | |
uses: docker/metadata-action@v5 | |
id: meta | |
with: | |
images: ${{ github.repository_owner }}/kuberest | |
tags: | | |
type=ref,event=pr | |
type=raw,value=latest,enable={{is_default_branch}} | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
- name: Docker login on main origin | |
uses: docker/login-action@v3 | |
if: github.event_name != 'pull_request' | |
with: | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Docker buildx | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
cache-from: type=gha,scope=base | |
cache-to: type=gha,scope=base,mode=max | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
platforms: linux/amd64,linux/arm64 | |
- name: Persist base image build to a tarball | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
platforms: linux/amd64 | |
tags: ${{ steps.meta.outputs.tags }} | |
cache-from: type=gha,scope=base | |
outputs: type=docker,dest=/tmp/image.tar | |
- name: Upload base docker image as artifact for e2e tests | |
uses: actions/upload-artifact@v4 | |
with: | |
name: controller-image | |
path: /tmp/image.tar | |
otel-docker: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
# Setup qemu for multi-arch support | |
- name: Docker Setup qemu-action | |
uses: docker/setup-qemu-action@v2 | |
# Build and push with docker buildx | |
- name: Setup docker buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Configure tags based on git tags + latest | |
uses: docker/metadata-action@v5 | |
id: meta | |
with: | |
images: ${{ github.repository_owner }}/kuberest | |
tags: | | |
type=semver,pattern={{version}},prefix=otel- | |
type=semver,pattern={{major}}.{{minor}},prefix=otel- | |
type=raw,value=otel-latest,enable={{is_default_branch}} | |
type=ref,event=pr | |
- name: Docker login on main origin | |
uses: docker/login-action@v3 | |
if: github.event_name != 'pull_request' | |
with: | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Docker buildx | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
cache-from: type=gha,scope=otel | |
cache-to: type=gha,scope=otel,mode=max | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
platforms: linux/amd64,linux/arm64 | |
build-args: | | |
FEATURES=--features=telemetry | |
e2e: | |
runs-on: ubuntu-latest | |
needs: [docker] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: nolar/setup-k3d-k3s@v1 | |
with: | |
version: v1.30 | |
k3d-name: kube | |
k3d-args: "--no-lb --no-rollback --k3s-arg --disable=traefik,servicelb,metrics-server@server:*" | |
- run: kubectl apply -k deploy/crd | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Download docker image artifact from docker job | |
uses: actions/download-artifact@v4 | |
with: | |
name: controller-image | |
path: /tmp | |
- name: Load docker image from tarball | |
run: docker load --input /tmp/image.tar | |
- name: helm template | kubctl apply | |
run: | | |
apiserver="$(kubectl get endpoints kubernetes -ojson | jq '.subsets[0].addresses[0].ip' -r)" | |
helm template charts/kuberest \ | |
--set version=latest \ | |
--set networkPolicy.enabled=true \ | |
--set networkPolicy.apiserver.0=${apiserver}/32 \ | |
| kubectl apply -f - | |
- run: kubectl wait --for=condition=available deploy/kuberest --timeout=30s | |
- run: kubectl apply -f examples/abuses/uuidgen.yaml | |
- run: kubectl wait --for=condition=ready rep/uuidgen | |
# verify reconcile actions have happened | |
- run: kubectl get netpol kuberest -oyaml | |
- run: kubectl logs deploy/kuberest | |
- run: kubectl get event --field-selector "involvedObject.kind=RestEndPoint,involvedObject.name=uuidgen" | grep "IgnoredInput" | |
- run: kubectl get secrets output | |
- run: kubectl get rep -oyaml | grep -A1 finalizers | grep restendpoints.kuberest.solidite.fr | |
# TODO: add more e2e tests | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install protoc | |
run: sudo apt-get install -y protobuf-compiler | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
toolchain: nightly | |
components: rustfmt,clippy | |
- run: cargo +nightly fmt -- --check | |
- uses: giraffate/clippy-action@v1 | |
with: | |
reporter: 'github-pr-review' | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
clippy_flags: --all-features | |
integration: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: Swatinem/rust-cache@v2 | |
- uses: nolar/setup-k3d-k3s@v1 | |
with: | |
version: v1.30 | |
k3d-name: kube | |
k3d-args: "--no-lb --no-rollback --k3s-arg --disable=traefik,servicelb,metrics-server@server:*" | |
- name: Build workspace | |
run: cargo build | |
- name: Install crd | |
run: cargo run --bin crdgen | kubectl apply -f - | |
- name: Run all default features integration library tests | |
run: cargo test --lib --all -- --ignored | |
unit: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 2 | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: Swatinem/rust-cache@v2 | |
# Real CI work starts here | |
- name: Build workspace | |
run: cargo build | |
- name: Generate crd.yaml | |
run: cargo run --bin crdgen > deploy/crd/crd.yaml | |
- name: Generate deployment.yaml | |
run: helm template charts/kuberest > deploy/operator/deployment.yaml | |
- name: Ensure generated output is committed | |
run: | | |
if ! git diff --exit-code deploy/; then | |
echo "Uncommitted changes in yaml directory" | |
echo "Please run 'cargo cmd generate' and commit the results" | |
exit 1 | |
fi | |
- name: Run workspace unit tests | |
run: cargo test |