
publish secret correctly #20

Workflow file for this run

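# CI for the SecureSign operator: runs `make test`, builds the controller
# image, loads it into a kind cluster, deploys the operator, installs OLM,
# applies the sample SecureSign resource and creates the image pull secrets.
name: Validate SecureSign
on:
  push:
    branches: ["main", "release*"]
    tags: ["*"]
  pull_request:
    branches: ["main", "release*"]
# Least privilege for GITHUB_TOKEN: none of the steps below uses the token to
# write to the repository, so read access to contents is enough for checkout.
permissions:
  contents: read
env:
  # Quoted so YAML keeps version numbers as strings (an unquoted 1.20 would
  # load as the float 1.2).
  GO_VERSION: "1.19"
  CONTROLLER_IMAGE: quay.io/rcook/securesign-controller:latest
  KIND_VERSION: "0.20.0"
jobs:
  build-operator:
    name: Build-operator
    runs-on: ubuntu-20.04
    steps:
      # NOTE(review): both actions are referenced by a mutable major-version
      # tag; pinning each to a full commit SHA protects the job (and the
      # secrets it handles) against a re-pointed tag.
      - name: Checkout source
        uses: actions/checkout@v2
      - name: Install Go
        uses: actions/setup-go@v1
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Test
        run: make test
      - name: Build operator container
        run: make docker-build CONTROLLER_IMAGE="${CONTROLLER_IMAGE}"
      # NOTE(review): the downloaded binary is installed as root without any
      # checksum or signature check; record the expected SHA-256 for this
      # release and verify it before `install`.
      - name: Install kind
        run: |
          curl -fsSL -o kind "https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-linux-amd64"
          sudo install ./kind /usr/local/bin && rm kind
          kind version
          # -F: match the version literally instead of treating the dots as regex wildcards.
          kind version | grep -qF "${KIND_VERSION}"
      # NOTE(review): same as kind, no integrity check on the binary before it
      # is moved into /usr/local/bin.
      - name: install kubectl
        run: |
          # -f makes curl fail on an HTTP error instead of saving the error page as ./kubectl.
          curl -fLO https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl
          chmod +x ./kubectl
          sudo mv ./kubectl /usr/local/bin/kubectl
          kubectl version --client
      # The secret reaches the script through an environment variable instead
      # of being expanded into the script text. An inline ${{ secrets.* }} is
      # pasted into the shell source before bash parses it, so the quotes of a
      # JSON value are consumed by the shell and any metacharacters in the
      # value are interpreted as shell syntax.
      # The variable is deliberately not called DOCKER_CONFIG: the docker CLI
      # reads that name as the path of its configuration directory.
      # NOTE(review): this assumes the stored secret is the raw config.json
      # content; if it was escaped to survive the old inline expansion, store
      # the unescaped JSON instead.
      # Secrets are not passed to pull_request runs from forks, so the file is
      # empty there.
      - name: write secret DOCKER_CONFIG to home directory
        env:
          DOCKER_CONFIG_JSON: ${{ secrets.DOCKER_CONFIG }}
        run: |
          # Create the directory and the credentials file readable by the owner only.
          umask 077
          mkdir -p ~/.docker
          printf '%s\n' "${DOCKER_CONFIG_JSON}" > ~/.docker/config.json
      - name: Create kind cluster
        run: sh hack/kind.sh
      - name: load operator image into kind cluster
        run: kind load docker-image "${CONTROLLER_IMAGE}"
      - name: Deploy operator
        run: make deploy CONTROLLER_IMAGE="${CONTROLLER_IMAGE}"
      - name: Wait for operator to be ready
        run: kubectl wait --for=condition=available deployment/operator-controller-manager --timeout=60s -n operator-system
      # The manifests are applied straight from the release URL; they are
      # pinned to the v0.25.0 tag but their content is not verified.
      - name: prepare keycloak using olm. Install OLM
        run: |
          kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/crds.yaml
          sleep 1
          kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/olm.yaml
      # NOTE(review): this repeats the earlier wait on the operator deployment;
      # if the intent is to wait for OLM, it should target the OLM deployments
      # instead (confirm).
      - name: wait for operator-controller-manager to be ready
        run: kubectl wait --for=condition=available deployment/operator-controller-manager --timeout=60s -n operator-system
      - name: Apply sample config
        run: kubectl apply -f config/samples/rhtas_v1alpha1_securesign.yaml
      # Same handling as DOCKER_CONFIG above: the secret is read from the
      # environment, never expanded into the script text, and the file under
      # the shared /tmp directory is created with owner-only permissions.
      - name: write PULL_SECRET to /tmp/pull-secret.txt
        env:
          PULL_SECRET: ${{ secrets.PULL_SECRET }}
        run: |
          umask 077
          printf '%s\n' "${PULL_SECRET}" > /tmp/pull-secret.txt
      # Fixed delay to give the operator time to create the component
      # namespaces before the pull secrets are added to them.
      - name: sleep then print namespaces
        run: |
          sleep 60
          kubectl get ns
      # One pull secret per component namespace. The default shell runs with
      # `bash -e`, so the step stops at the first namespace that fails.
      - name: Lazily create secrets in all namespaces
        run: |
          for ns in \
            ctlog-system \
            fulcio-system \
            rekor-system \
            trillian-system \
            trusted-artifact-signer-clientserver \
            tuf-system
          do
            kubectl create secret generic pull-secret \
              --from-file=.dockerconfigjson=/tmp/pull-secret.txt \
              --type=kubernetes.io/dockerconfigjson \
              -n "${ns}"
          done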