Cleanup #68
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Validate SecureSign | |
on: | |
push: | |
branches: ["main", "release*"] | |
tags: ["*"] | |
pull_request: | |
branches: ["main", "release*"] | |
env: | |
GO_VERSION: 1.19 | |
IMAGE_TAG_BASE: ${KIND_REGISTRY}/securesign | |
jobs: | |
build-operator: | |
name: Build-operator | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout source | |
uses: actions/checkout@v2 | |
- name: Install Go | |
uses: actions/setup-go@v1 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Log in to registry.redhat.io | |
uses: redhat-actions/podman-login@9184318aae1ee5034fbfbacc0388acf12669171f # v1 | |
with: | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
registry: registry.redhat.io | |
auth_file_path: /tmp/config.json | |
- name: Install Cluster | |
uses: container-tools/[email protected] | |
with: | |
version: v0.20.0 | |
node_image: kindest/node:v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb | |
cpu: 3 | |
config: ./ci/kind/config.yaml | |
- name: Build and Deploy operator container | |
run: make docker-build docker-push deploy | |
- name: deploy router crd | |
run: kubectl apply -f hack/router-crd.yaml | |
- name: Wait for operator to be ready | |
run: | | |
kubectl wait --for=condition=available deployment/operator-controller-manager --timeout=60s -n operator-system | |
- name: Install Keycloak | |
run: | | |
#install OLM | |
kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/crds.yaml | |
# wait for a while to be sure CRDs are installed | |
sleep 1 | |
kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/olm.yaml | |
kubectl create --kustomize https://github.com/securesign/sigstore-ocp/keycloak/operator/overlay/kind | |
until [ ! -z "$(kubectl get pod -l name=keycloak-operator -n keycloak-system 2>/dev/null)" ] | |
do | |
echo "Waiting for keycloak operator. Pods in keycloak-system namespace:" | |
kubectl get pods -n keycloak-system | |
sleep 10 | |
done | |
kubectl create --kustomize https://github.com/securesign/sigstore-ocp/keycloak/resources/overlay/kind | |
until [[ $( oc get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system 2>/dev/null) == "true" ]] | |
do | |
printf "Waiting for keycloak deployment. \n Keycloak ready: %s\n" $(oc get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system) | |
sleep 10 | |
done | |
shell: bash | |
- name: Apply sample config | |
run: | | |
kubectl create ns test | |
kubectl -n test create secret generic fulcio-secret-rh --from-file=private=./ci/kind/certs/file_ca_key.pem --from-file=public=./ci/kind/certs/file_ca_pub.pem --from-file=cert=./ci/kind/certs/fulcio-root.pem --from-literal=password=secure | |
kubectl -n test create secret generic rekor-private-key --from-file=private=./ci/kind/certs/rekor_key.pem | |
kubectl apply -f ./ci/resources/securesign.yaml -n test | |
- name: Apply sample config that generates certifcates | |
run: | | |
kubectl create ns create-cert | |
kubectl apply -f ./ci/resources/cert_create.yaml -n create-cert | |
- name: Until shell script to wait for fulcio deployment to be created | |
run: | | |
until [ ! -z "$(kubectl get deployment fulcio-server -n test 2>/dev/null)" ] | |
do | |
echo "Waiting for fulcio deployment to be created. Pods in test namespace:" | |
kubectl get pods -n test | |
sleep 3 | |
done | |
shell: bash | |
- name: Check the deployment of fulcio | |
run: kubectl wait --for=condition=available deployment/fulcio-server --timeout=80s -n test | |
- name: Check the deployment of rekor | |
run: kubectl wait --for=condition=available deployment/rekor-server --timeout=80s -n test | |
- name: Check for the deployment of redis | |
run: kubectl wait --for=condition=available deployment/rekor-redis --timeout=80s -n test | |
- name: Check for the deployment of trillian logsigner | |
run: kubectl wait --for=condition=available deployment/trillian-logsigner --timeout=80s -n test | |
- name: Check for the deployment of trillian logserver | |
run: kubectl wait --for=condition=available deployment/trillian-logserver --timeout=80s -n test | |
- name: wait for the createtree job to finish | |
run: kubectl wait --for=condition=complete job/create-tree --timeout=120s -n test | |
- name: wait for the create-tree-rekor job to finish | |
run: kubectl wait --for=condition=complete job/create-tree-rekor --timeout=120s -n test | |
- name: wait for create-config job to finish | |
run: kubectl wait --for=condition=complete job/create-config --timeout=120s -n test | |
- name: Check for the deployment of tuf | |
run: kubectl wait --for=condition=available deployment/tuf --timeout=120s -n test | |
- name: Check for the deployment of ctlog | |
run: kubectl wait --for=condition=available deployment/ctlog --timeout=120s -n test | |
- name: Until shell script to wait for fulcio deployment to be created | |
run: | | |
until [ ! -z "$(kubectl get deployment fulcio-server -n create-cert 2>/dev/null)" ] | |
do | |
echo "Waiting for fulcio deployment to be created. Pods in create-cert namespace:" | |
kubectl get pods -n create-cert | |
sleep 3 | |
done | |
shell: bash | |
- name: Check the deployment of fulcio | |
run: kubectl wait --for=condition=available deployment/fulcio-server --timeout=80s -n create-cert | |
- name: Check the deployment of rekor | |
run: kubectl wait --for=condition=available deployment/rekor-server --timeout=80s -n create-cert | |
- name: Check for the deployment of redis | |
run: kubectl wait --for=condition=available deployment/rekor-redis --timeout=80s -n create-cert | |
- name: Check for the deployment of trillian logsigner | |
run: kubectl wait --for=condition=available deployment/trillian-logsigner --timeout=80s -n create-cert | |
- name: Check for the deployment of trillian logserver | |
run: kubectl wait --for=condition=available deployment/trillian-logserver --timeout=80s -n create-cert | |
- name: wait for the createtree job to finish | |
run: kubectl wait --for=condition=complete job/create-tree --timeout=120s -n create-cert | |
- name: wait for the create-tree-rekor job to finish | |
run: kubectl wait --for=condition=complete job/create-tree-rekor --timeout=120s -n create-cert | |
- name: wait for create-config job to finish | |
run: kubectl wait --for=condition=complete job/create-config --timeout=120s -n create-cert | |
- name: Check for the deployment of tuf | |
run: kubectl wait --for=condition=available deployment/tuf --timeout=120s -n create-cert | |
- name: Check for the deployment of ctlog | |
run: kubectl wait --for=condition=available deployment/ctlog --timeout=120s -n create-cert | |
- name: dump the logs of the operator | |
run: kubectl logs -n operator-system deployment/operator-controller-manager | |
if: always() | |
- name: dump all deployments | |
run: kubectl get deployments -A | |
if: always() |