Merge pull request #184 from securesign/gamma-release-fix-ec-build-er… #604
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate SecureSign | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: ["main", "release*"] | |
| tags: ["*"] | |
| pull_request: | |
| branches: ["main", "release*"] | |
| env: | |
| GO_VERSION: 1.21 | |
| IMAGE_TAG_BASE: ${KIND_REGISTRY}/securesign | |
| jobs: | |
| build-operator: | |
| name: Build-operator | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Checkout source | |
| uses: actions/checkout@v2 | |
| - name: Install Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Log in to registry.redhat.io | |
| uses: redhat-actions/podman-login@9184318aae1ee5034fbfbacc0388acf12669171f # v1 | |
| with: | |
| username: ${{ secrets.REGISTRY_USER }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| registry: registry.redhat.io | |
| auth_file_path: /tmp/config.json | |
| - name: Install Cluster | |
| uses: container-tools/[email protected] | |
| with: | |
| version: v0.20.0 | |
| node_image: kindest/node:v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb | |
| cpu: 3 | |
| config: ./ci/config.yaml | |
| - name: Install Ingress | |
| run: | | |
| kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml | |
| kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=90s | |
| - name: Build and Deploy operator container | |
| run: make docker-build docker-push deploy | |
| - name: Wait for operator to be ready | |
| run: | | |
| kubectl wait --for=condition=available deployment/rhtas-operator-controller-manager --timeout=60s -n openshift-rhtas-operator | |
| - name: Install Keycloak | |
| run: | | |
| #install OLM | |
| kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/crds.yaml | |
| # wait for a while to be sure CRDs are installed | |
| sleep 1 | |
| kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/olm.yaml | |
| kubectl create --kustomize https://github.com/securesign/sigstore-ocp/keycloak/operator/overlay/kind | |
| until [ ! -z "$(kubectl get pod -l name=keycloak-operator -n keycloak-system 2>/dev/null)" ] | |
| do | |
| echo "Waiting for keycloak operator. Pods in keycloak-system namespace:" | |
| kubectl get pods -n keycloak-system | |
| sleep 10 | |
| done | |
| kubectl create --kustomize https://github.com/securesign/sigstore-ocp/keycloak/resources/overlay/kind | |
| until [[ $( oc get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system 2>/dev/null) == "true" ]] | |
| do | |
| printf "Waiting for keycloak deployment. \n Keycloak ready: %s\n" $(oc get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system) | |
| sleep 10 | |
| done | |
| # HACK - expose keycloak under the same name as the internal SVC has so it will be accessible: | |
| # - within the cluster (where the localhost does not work) | |
| # - outside the cluster (resolved from /etc/hosts and redirect to the localhost) | |
| kubectl create -n keycloak-system -f - <<EOF | |
| apiVersion: networking.k8s.io/v1 | |
| kind: Ingress | |
| metadata: | |
| name: keycloak | |
| spec: | |
| rules: | |
| - host: keycloak-internal.keycloak-system.svc | |
| http: | |
| paths: | |
| - backend: | |
| service: | |
| name: keycloak-internal | |
| port: | |
| number: 80 | |
| path: / | |
| pathType: Prefix | |
| EOF | |
| shell: bash | |
| - name: Add service hosts to /etc/hosts | |
| run: | | |
| sudo echo "127.0.0.1 fulcio.local tuf.local rekor-server.local keycloak-internal.keycloak-system.svc rekor-search-ui.local cli-server.local" | sudo tee -a /etc/hosts | |
| - name: Install cosign | |
| run: go install github.com/sigstore/cosign/v2/cmd/[email protected] | |
| - name: Run tests | |
| run: make integration-test | |
| - name: dump the logs of the operator | |
| run: kubectl logs -n openshift-rhtas-operator deployment/rhtas-operator-controller-manager | |
| if: always() |