publish secret correctly #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Validate SecureSign | |
on: | |
push: | |
branches: ["main", "release*"] | |
tags: ["*"] | |
pull_request: | |
branches: ["main", "release*"] | |
env: | |
GO_VERSION: 1.19 | |
CONTROLLER_IMAGE: quay.io/rcook/securesign-controller:latest | |
KIND_VERSION: 0.20.0 | |
jobs: | |
build-operator: | |
name: Build-operator | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout source | |
uses: actions/checkout@v2 | |
- name: Install Go | |
uses: actions/setup-go@v1 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Test | |
run: make test | |
- name: Build operator container | |
run: make docker-build CONTROLLER_IMAGE=${CONTROLLER_IMAGE} | |
- name: Install kind | |
run: | | |
curl -fsSL -o kind https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-linux-amd64 | |
sudo install ./kind /usr/local/bin && rm kind | |
kind version | |
kind version | grep -q ${KIND_VERSION} | |
- name: install kubectl | |
run: | | |
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl | |
chmod +x ./kubectl | |
sudo mv ./kubectl /usr/local/bin/kubectl | |
kubectl version --client | |
- name: write secret DOCKER_CONFIG to home directory | |
run: | | |
mkdir -p ~/.docker | |
echo ${{ secrets.DOCKER_CONFIG }} > ~/.docker/config.json | |
- name: Create kind cluster | |
run: sh hack/kind.sh | |
- name: load operator image into kind cluster | |
run: kind load docker-image ${CONTROLLER_IMAGE} | |
- name: Deploy operator | |
run: make deploy CONTROLLER_IMAGE=${CONTROLLER_IMAGE} | |
- name: Wait for operator to be ready | |
run: kubectl wait --for=condition=available deployment/operator-controller-manager --timeout=60s -n operator-system | |
- name: prepare keycloak using olm. Install OLM | |
run: | | |
kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/crds.yaml | |
sleep 1 | |
kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/olm.yaml | |
- name: wait for operator-controller-manager to be ready | |
run: kubectl wait --for=condition=available deployment/operator-controller-manager --timeout=60s -n operator-system | |
- name: Apply sample config | |
run: kubectl apply -f config/samples/rhtas_v1alpha1_securesign.yaml | |
- name: write PULL_SECRET to /tmp/pull-secret.txt | |
run: | | |
echo ${{ secrets.PULL_SECRET }} > /tmp/pull-secret.txt | |
- name: sleep then print namespaces | |
run: | | |
sleep 60 | |
kubectl get ns | |
- name: Lazily create secrets in all namespaces | |
run: kubectl create secret generic pull-secret --from-file=.dockerconfigjson=/tmp/pull-secret.txt --type=kubernetes.io/dockerconfigjson -n ctlog-system ; kubectl create secret generic pull-secret --from-file=.dockerconfigjson=/tmp/pull-secret.txt --type=kubernetes.io/dockerconfigjson -n fulcio-system ; kubectl create secret generic pull-secret --from-file=.dockerconfigjson=/tmp/pull-secret.txt --type=kubernetes.io/dockerconfigjson -n rekor-system ; kubectl create secret generic pull-secret --from-file=.dockerconfigjson=/tmp/pull-secret.txt --type=kubernetes.io/dockerconfigjson -n trillian-system ; kubectl create secret generic pull-secret --from-file=.dockerconfigjson=/tmp/pull-secret.txt --type=kubernetes.io/dockerconfigjson -n trusted-artifact-signer-clientserver ; kubectl create secret generic pull-secret --from-file=.dockerconfigjson=/tmp/pull-secret.txt --type=kubernetes.io/dockerconfigjson -n tuf-system | |