ci: use global workflows
Signed-off-by: Tyler Gillson <[email protected]>
TylerGillson committed Jun 6, 2024
1 parent 849a047 commit fbd7834
Showing 10 changed files with 42 additions and 323 deletions.
38 changes: 0 additions & 38 deletions .github/workflows/bulwark-gitleaks.yaml

This file was deleted.

31 changes: 0 additions & 31 deletions .github/workflows/bulwark-golicences.yaml

This file was deleted.

49 changes: 0 additions & 49 deletions .github/workflows/bulwark-gosec.yaml

This file was deleted.

26 changes: 0 additions & 26 deletions .github/workflows/bulwark-govulncheck.yaml

This file was deleted.

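--- a/.github/workflows/gitleaks.yaml
+++ b/.github/workflows/gitleaks.yaml
@@ -0,0 +1,9 @@
+name: GitLeaks
+
+on:
+pull_request:
+
+jobs:
+call-gitleaks:
+uses: validator-labs/workflows/.github/workflows/gitleaks.yaml@main
+secrets: inherit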
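Review bot: The `uses:` line in `call-gitleaks` references the shared workflow at the mutable ref `@main`, and the next line passes `secrets: inherit`, so whatever is on that branch at run time executes with every secret this repository can see. Pin the reference to a full commit SHA with the version in a trailing comment, e.g. `uses: validator-labs/workflows/.github/workflows/gitleaks.yaml@<FULL_COMMIT_SHA> # <tag>`, the way the step-level actions shown in the release.yaml and test.yaml sections of this commit are pinned. Replace `secrets: inherit` with an explicit `secrets:` mapping that names only what the called workflow declares under `on.workflow_call.secrets`; that declaration is not visible on this page, so the exact names need confirming there. The same two lines appear in golicences.yaml, gosec.yaml, govulncheck.yaml, release.yaml and test.yaml in this commit.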
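--- a/.github/workflows/golicences.yaml
+++ b/.github/workflows/golicences.yaml
@@ -0,0 +1,9 @@
+name: GoLicenses
+
+on:
+pull_request:
+
+jobs:
+call-golicences:
+uses: validator-labs/workflows/.github/workflows/golicences.yaml@main
+secrets: inherit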
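--- a/.github/workflows/gosec.yaml
+++ b/.github/workflows/gosec.yaml
@@ -0,0 +1,9 @@
+name: GoSec
+
+on:
+pull_request:
+
+jobs:
+call-gosec:
+uses: validator-labs/workflows/.github/workflows/gosec.yaml@main
+secrets: inherit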
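--- a/.github/workflows/govulncheck.yaml
+++ b/.github/workflows/govulncheck.yaml
@@ -0,0 +1,9 @@
+name: GoVulnCheck
+
+on:
+pull_request:
+
+jobs:
+call-govulncheck:
+uses: validator-labs/workflows/.github/workflows/govulncheck.yaml@main
+secrets: inherit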
103 changes: 3 additions & 100 deletions .github/workflows/release.yaml
Expand Up @@ -5,105 +5,8 @@ on:
branches:
- main
- '[0-9]+.[0-9]+.x'
workflow_dispatch:

env:
REGISTRY: quay.io
GITHUB_PAGES_BRANCH: gh_pages

defaults:
run:
shell: bash

jobs:
release-please:
permissions:
contents: write # for google-github-actions/release-please-action to create release commit
pull-requests: write # for google-github-actions/release-please-action to create release PR
runs-on: [self-hosted, Linux, X64, validator]
outputs:
releases_created: ${{ steps.release.outputs.releases_created }}
tag_name: ${{ steps.release.outputs.tag_name }}
# Release-please creates a PR that tracks all changes
steps:
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4

- uses: google-github-actions/release-please-action@e4dc86ba9405554aeba3c6bb2d169500e7d3b4ee # v4
id: release
with:
token: ${{ secrets.PAT }}

release-charts:
needs: release-please
permissions:
contents: write
runs-on: [self-hosted, Linux, X64, validator]
if: needs.release-please.outputs.releases_created == 'true'
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
- name: Publish Helm chart
uses: stefanprodan/helm-gh-pages@master
with:
token: ${{ secrets.PAT }}
charts_dir: chart
owner: validator-labs
branch: ${{ env.GITHUB_PAGES_BRANCH }}
commit_username: validator-labs-bot
commit_email: [email protected]

build-container:
if: needs.release-please.outputs.releases_created == 'true'
needs:
- release-please
runs-on: [self-hosted, Linux, X64, validator]
permissions:
contents: write
packages: write
id-token: write
env:
IMAGE_TAG: quay.io/validator-labs/validator:${{ needs.release-please.outputs.tag_name }}
IMAGE_NAME: validator
steps:
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
with:
submodules: recursive

- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3

- name: Login to GitHub Container Registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
with:
registry: "quay.io"
username: ${{ secrets.QUAY_USER }}
password: ${{ secrets.QUAY_TOKEN }}

- name: Build Docker Image
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
target: production
tags: |
${{ env.IMAGE_TAG }}
builder: ${{ steps.buildx.outputs.name }}
push: true
cache-from: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_TAG }}
cache-to: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_TAG }}

- name: Generate SBOM
uses: anchore/sbom-action@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
with:
image: ${{ env.IMAGE_TAG }}
artifact-name: sbom-${{ env.IMAGE_NAME }}
output-file: ./sbom-${{ env.IMAGE_NAME }}.spdx.json

- name: Attach SBOM to release
uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2
with:
tag_name: ${{ needs.release-please.outputs.tag_name }}
files: ./sbom-${{ env.IMAGE_NAME }}.spdx.json
call-release:
uses: validator-labs/workflows/.github/workflows/release.yaml@main
secrets: inherit
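Review bot: The `call-release` job declares no `permissions:` block, whereas the job bodies shown in this section scoped the token per job (`contents: write`, `pull-requests: write`, `packages: write`, `id-token: write`). A called workflow can only reduce the GITHUB_TOKEN permissions it receives from its caller, never raise them, so the caller job is where the upper bound is set; without one, the repository or organization default applies. Add `permissions:` on `call-release` listing `contents: write`, `pull-requests: write`, `packages: write` and `id-token: write`, or a narrower set if the shared workflow needs less. This is also the job that carries `PAT`, `QUAY_USER` and `QUAY_TOKEN`, so it is the one where an explicit `secrets:` mapping matters most. Lines 1–4 of the file are outside the hunk, so a workflow-level `permissions:` may already exist there.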
82 changes: 3 additions & 79 deletions .github/workflows/test.yaml
Expand Up @@ -5,84 +5,8 @@ on:
branches:
- main
pull_request:
workflow_dispatch:

concurrency:
group: test-${{ github.ref }}
cancel-in-progress: true

jobs:
test:
name: Run Unit & Integration Tests
runs-on: [self-hosted, Linux, X64, validator]
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4

- name: Set up Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5
with:
cache: false
go-version-file: go.mod

- name: Set up Helm
run: make helm

- name: Test
run: make test

- name: Workaround for https://github.com/codecov/feedback/issues/263
run: |
git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Codecov
uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4
with:
file: ./cover.out
fail_ci_if_error: true
token: ${{ secrets.CODECOV_TOKEN }}

test-chart:
name: Run Helm Chart Tests
runs-on: [self-hosted, Linux, X64, validator]
if: "!(contains(github.head_ref, 'release-please') || contains(github.ref, 'release-please'))"
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
with:
fetch-depth: 0

- name: Set up Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4
with:
version: v3.11.2

- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5
with:
python-version: '3.9'
check-latest: true

- name: Set up chart-testing
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1

- name: Run chart-testing (list-changed)
id: list-changed
run: |
set -ex
changed=$(ct list-changed --chart-dirs chart --target-branch ${{ github.event.repository.default_branch }})
echo $changed
if [[ -n "$changed" ]]; then
echo "changed=true" >> "$GITHUB_OUTPUT"
fi
- name: Run chart-testing (lint)
if: steps.list-changed.outputs.changed == 'true'
run: |
cd $GITHUB_WORKSPACE
ct lint --validate-maintainers=false --check-version-increment=false --chart-dirs chart --target-branch ${{ github.event.repository.default_branch }}
- name: Create kind cluster
if: steps.list-changed.outputs.changed == 'true'
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0

- name: Run chart-testing (install)
if: steps.list-changed.outputs.changed == 'true'
run: ct install --chart-dirs chart --target-branch ${{ github.event.repository.default_branch }}
call-test:
uses: validator-labs/workflows/.github/workflows/test.yaml@main
secrets: inherit
