Skip to content

Cleanup

Cleanup #68

Workflow file for this run

name: Validate SecureSign
on:
push:
branches: ["main", "release*"]
tags: ["*"]
pull_request:
branches: ["main", "release*"]
env:
GO_VERSION: 1.19
IMAGE_TAG_BASE: ${KIND_REGISTRY}/securesign
jobs:
build-operator:
name: Build-operator
runs-on: ubuntu-20.04
steps:
- name: Checkout source
uses: actions/checkout@v2
- name: Install Go
uses: actions/setup-go@v1
with:
go-version: ${{ env.GO_VERSION }}
- name: Log in to registry.redhat.io
uses: redhat-actions/podman-login@9184318aae1ee5034fbfbacc0388acf12669171f # v1
with:
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}
registry: registry.redhat.io
auth_file_path: /tmp/config.json
- name: Install Cluster
uses: container-tools/[email protected]
with:
version: v0.20.0
node_image: kindest/node:v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb
cpu: 3
config: ./ci/kind/config.yaml
- name: Build and Deploy operator container
run: make docker-build docker-push deploy
- name: deploy router crd
run: kubectl apply -f hack/router-crd.yaml
- name: Wait for operator to be ready
run: |
kubectl wait --for=condition=available deployment/operator-controller-manager --timeout=60s -n operator-system
- name: Install Keycloak
run: |
#install OLM
kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/crds.yaml
# wait for a while to be sure CRDs are installed
sleep 1
kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/olm.yaml
kubectl create --kustomize https://github.com/securesign/sigstore-ocp/keycloak/operator/overlay/kind
until [ ! -z "$(kubectl get pod -l name=keycloak-operator -n keycloak-system 2>/dev/null)" ]
do
echo "Waiting for keycloak operator. Pods in keycloak-system namespace:"
kubectl get pods -n keycloak-system
sleep 10
done
kubectl create --kustomize https://github.com/securesign/sigstore-ocp/keycloak/resources/overlay/kind
until [[ $( oc get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system 2>/dev/null) == "true" ]]
do
printf "Waiting for keycloak deployment. \n Keycloak ready: %s\n" $(oc get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system)
sleep 10
done
shell: bash
- name: Apply sample config
run: |
kubectl create ns test
kubectl -n test create secret generic fulcio-secret-rh --from-file=private=./ci/kind/certs/file_ca_key.pem --from-file=public=./ci/kind/certs/file_ca_pub.pem --from-file=cert=./ci/kind/certs/fulcio-root.pem --from-literal=password=secure
kubectl -n test create secret generic rekor-private-key --from-file=private=./ci/kind/certs/rekor_key.pem
kubectl apply -f ./ci/resources/securesign.yaml -n test
- name: Apply sample config that generates certifcates
run: |
kubectl create ns create-cert
kubectl apply -f ./ci/resources/cert_create.yaml -n create-cert
- name: Until shell script to wait for fulcio deployment to be created
run: |
until [ ! -z "$(kubectl get deployment fulcio-server -n test 2>/dev/null)" ]
do
echo "Waiting for fulcio deployment to be created. Pods in test namespace:"
kubectl get pods -n test
sleep 3
done
shell: bash
- name: Check the deployment of fulcio
run: kubectl wait --for=condition=available deployment/fulcio-server --timeout=80s -n test
- name: Check the deployment of rekor
run: kubectl wait --for=condition=available deployment/rekor-server --timeout=80s -n test
- name: Check for the deployment of redis
run: kubectl wait --for=condition=available deployment/rekor-redis --timeout=80s -n test
- name: Check for the deployment of trillian logsigner
run: kubectl wait --for=condition=available deployment/trillian-logsigner --timeout=80s -n test
- name: Check for the deployment of trillian logserver
run: kubectl wait --for=condition=available deployment/trillian-logserver --timeout=80s -n test
- name: wait for the createtree job to finish
run: kubectl wait --for=condition=complete job/create-tree --timeout=120s -n test
- name: wait for the create-tree-rekor job to finish
run: kubectl wait --for=condition=complete job/create-tree-rekor --timeout=120s -n test
- name: wait for create-config job to finish
run: kubectl wait --for=condition=complete job/create-config --timeout=120s -n test
- name: Check for the deployment of tuf
run: kubectl wait --for=condition=available deployment/tuf --timeout=120s -n test
- name: Check for the deployment of ctlog
run: kubectl wait --for=condition=available deployment/ctlog --timeout=120s -n test
- name: Until shell script to wait for fulcio deployment to be created
run: |
until [ ! -z "$(kubectl get deployment fulcio-server -n create-cert 2>/dev/null)" ]
do
echo "Waiting for fulcio deployment to be created. Pods in create-cert namespace:"
kubectl get pods -n create-cert
sleep 3
done
shell: bash
- name: Check the deployment of fulcio
run: kubectl wait --for=condition=available deployment/fulcio-server --timeout=80s -n create-cert
- name: Check the deployment of rekor
run: kubectl wait --for=condition=available deployment/rekor-server --timeout=80s -n create-cert
- name: Check for the deployment of redis
run: kubectl wait --for=condition=available deployment/rekor-redis --timeout=80s -n create-cert
- name: Check for the deployment of trillian logsigner
run: kubectl wait --for=condition=available deployment/trillian-logsigner --timeout=80s -n create-cert
- name: Check for the deployment of trillian logserver
run: kubectl wait --for=condition=available deployment/trillian-logserver --timeout=80s -n create-cert
- name: wait for the createtree job to finish
run: kubectl wait --for=condition=complete job/create-tree --timeout=120s -n create-cert
- name: wait for the create-tree-rekor job to finish
run: kubectl wait --for=condition=complete job/create-tree-rekor --timeout=120s -n create-cert
- name: wait for create-config job to finish
run: kubectl wait --for=condition=complete job/create-config --timeout=120s -n create-cert
- name: Check for the deployment of tuf
run: kubectl wait --for=condition=available deployment/tuf --timeout=120s -n create-cert
- name: Check for the deployment of ctlog
run: kubectl wait --for=condition=available deployment/ctlog --timeout=120s -n create-cert
- name: dump the logs of the operator
run: kubectl logs -n operator-system deployment/operator-controller-manager
if: always()
- name: dump all deployments
run: kubectl get deployments -A
if: always()