feat: add secrets, add cert creation, make optional #41
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Validate SecureSign | |
on: | |
push: | |
branches: ["main", "release*"] | |
tags: ["*"] | |
pull_request: | |
branches: ["main", "release*"] | |
env: | |
GO_VERSION: 1.19 | |
IMAGE_TAG_BASE: ${KIND_REGISTRY}/securesign | |
jobs: | |
build-operator: | |
name: Build-operator | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout source | |
uses: actions/checkout@v2 | |
- name: Install Go | |
uses: actions/setup-go@v1 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Log in to registry.redhat.io | |
uses: redhat-actions/podman-login@9184318aae1ee5034fbfbacc0388acf12669171f # v1 | |
with: | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
registry: registry.redhat.io | |
auth_file_path: /tmp/config.json | |
- name: Install Cluster | |
uses: container-tools/[email protected] | |
with: | |
version: v0.20.0 | |
node_image: kindest/node:v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb | |
cpu: 3 | |
config: ./ci/config.yaml | |
- name: Build and Deploy operator container | |
run: make docker-build docker-push deploy | |
- name: Wait for operator to be ready | |
run: | | |
kubectl wait --for=condition=available deployment/operator-controller-manager --timeout=60s -n operator-system | |
- name: Install Keycloak | |
run: | | |
#install OLM | |
kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/crds.yaml | |
# wait for a while to be sure CRDs are installed | |
sleep 1 | |
kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/olm.yaml | |
kubectl create --kustomize https://github.com/securesign/sigstore-ocp/keycloak/operator/overlay/kind | |
until [ ! -z "$(kubectl get pod -l name=keycloak-operator -n keycloak-system 2>/dev/null)" ] | |
do | |
echo "Waiting for keycloak operator. Pods in keycloak-system namespace:" | |
kubectl get pods -n keycloak-system | |
sleep 10 | |
done | |
kubectl create --kustomize https://github.com/securesign/sigstore-ocp/keycloak/resources/overlay/kind | |
until [[ $( oc get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system 2>/dev/null) == "true" ]] | |
do | |
printf "Waiting for keycloak deployment. \n Keycloak ready: %s\n" $(oc get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system) | |
sleep 10 | |
done | |
shell: bash | |
- name: Apply sample config | |
run: | | |
kubectl create ns test | |
kubectl -n test create secret generic fulcio-secret-rh --from-file=private=./ci/certs/file_ca_key.pem --from-file=public=./ci/certs/file_ca_pub.pem --from-file=cert=./ci/certs/fulcio-root.pem --from-literal=password=secure | |
kubectl -n test create secret generic rekor-private-key --from-file=private=./ci/certs/rekor_key.pem | |
kubectl apply -f config/samples/rhtas_v1alpha1_securesign.yaml -n test | |
- name: sleep then print pods in test namespace | |
run: | | |
sleep 120 | |
kubectl get pods -n test | |
[ -z "$(kubectl get pods -o jsonpath='{range .items[*]}{.status.phase}{"\n"}' | grep -v "Succeeded" | grep -v "Completed" | grep -v "Running")" ] |