diff --git a/.github/actions/aqua/action.yaml b/.github/actions/aqua/action.yaml
new file mode 100644
index 0000000..02f2e19
--- /dev/null
+++ b/.github/actions/aqua/action.yaml
@@ -0,0 +1,14 @@
+name: "Setup tools"
+description: "Setup tools with aqua"
+inputs:
+ github_token:
+ description: "GitHub Token"
+ required: true
+runs:
+ using: composite
+ steps:
+ - uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
+ with:
+ aqua_version: v2.25.1
+ env:
+ GITHUB_TOKEN: ${{ inputs.github_token }}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 31f7938..df33b35 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -23,6 +23,9 @@ jobs:
 with:
 path: cache
 key: cache-files-go-${{ hashFiles('go.mod') }}-${{ hashFiles('Makefile') }}
+ - uses: ./.github/actions/aqua
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
 - name: Setup tools
 run: make setup
 - name: Run code check
diff --git a/Makefile b/Makefile
index c6c7b17..ba4dfdb 100644
--- a/Makefile
+++ b/Makefile
@@ -2,23 +2,10 @@ BIN_DIR := $(shell pwd)/bin
 TOOLS_DIR := $(BIN_DIR)/download
 CACHE_DIR := $(shell pwd)/cache
-HELM_VERSION := 3.14.3
-JQ_VERSION := 1.7.1
-KIND_VERSION := 0.22.0
-KUBECTL_VERSION := 1.29.3
-KUSTOMIZE_VERSION := 5.3.0
-YQ_VERSION := 4.43.1
-
 # Test tools
 CUSTOMCHECKER := $(TOOLS_DIR)/custom-checker
-HELM_BINARY := $(TOOLS_DIR)/helm
-HELM := $(HELM_BINARY) --repository-cache $(CACHE_DIR)/helm/repository --repository-config $(CACHE_DIR)/helm/repositories.yaml
-JQ := $(TOOLS_DIR)/jq
-KIND := $(TOOLS_DIR)/kind
-KUBECTL := $(TOOLS_DIR)/kubectl
-KUSTOMIZE := $(TOOLS_DIR)/kustomize
+HELM := helm --repository-cache $(CACHE_DIR)/helm/repository --repository-config $(CACHE_DIR)/helm/repositories.yaml
 STATICCHECK := $(TOOLS_DIR)/staticcheck
-YQ := $(TOOLS_DIR)/yq
 .PHONY: all
 all: help
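Review bot: The added step in ci.yaml passes `secrets.GITHUB_TOKEN` into the local composite action, which forwards it as `GITHUB_TOKEN` to the third-party aqua-installer step, and no `permissions:` block is visible in this hunk. If the workflow sets none elsewhere, the token carries the repository's default scope, while fetching release binaries should need no more than read access. I would confirm that the workflow or job declares `permissions:` with `contents: read`. The job definition starts above the hunk, so this may already be in place.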
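Review bot: `HELM := helm …` in the first Makefile hunk now resolves the binary through PATH, and nothing in the file says which helm is expected or where it comes from. Before this change every tool ran from `$(TOOLS_DIR)`, so a different copy earlier on PATH could not be picked up silently; now it can, and the same holds for the bare `kubectl`, `kind`, `kustomize` and `yq` calls in the e2e/Makefile hunks. I would add a comment above the variable such as `# helm, jq, kind, kubectl, kustomize and yq are resolved from PATH; versions are pinned in aqua.yaml, so aqua's bin directory must come first`.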
@@ -30,44 +17,21 @@ help: ## Display this help
 @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 .PHONY: setup
-setup: $(CUSTOMCHECKER) $(HELM_BINARY) $(KIND) $(JQ) $(KUBECTL) $(KUSTOMIZE) $(STATICCHECK) $(YQ) ## Install necessary tools
+setup: $(CUSTOMCHECKER) $(STATICCHECK) ## Install necessary tools
+ if ! which aqua; then \
+ echo 'setup needs aqua.'; \
+ exit 1; \
+ fi
+ aqua install -l
 $(HELM) repo add cilium https://helm.cilium.io/
 $(HELM) repo update cilium
 $(CUSTOMCHECKER):
 GOBIN=$(TOOLS_DIR) go install github.com/cybozu-go/golang-custom-analyzer/cmd/custom-checker@latest
-$(HELM_BINARY):
- mkdir -p $(TOOLS_DIR)
- wget -qO - https://get.helm.sh/helm-v$(HELM_VERSION)-linux-amd64.tar.gz | tar zx -O linux-amd64/helm > $@
- chmod +x $@
-
-$(JQ):
- mkdir -p $(TOOLS_DIR)
- wget -qO $@ https://github.com/jqlang/jq/releases/download/jq-$(JQ_VERSION)/jq-linux-amd64
- chmod +x $@
-
-$(KIND):
- GOBIN=$(TOOLS_DIR) go install sigs.k8s.io/kind@v$(KIND_VERSION)
-
-$(KUBECTL):
- mkdir -p $(TOOLS_DIR)
- wget -qO $@ https://storage.googleapis.com/kubernetes-release/release/v$(KUBECTL_VERSION)/bin/linux/amd64/kubectl
- chmod +x $@
-
-$(KUSTOMIZE):
- mkdir -p $(TOOLS_DIR)
- wget -qO - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv$(KUSTOMIZE_VERSION)/kustomize_v$(KUSTOMIZE_VERSION)_linux_amd64.tar.gz | tar zx -O kustomize > $@
- chmod +x $@
-
 $(STATICCHECK):
 GOBIN=$(TOOLS_DIR) go install honnef.co/go/tools/cmd/staticcheck@latest
-$(YQ):
- mkdir -p $(TOOLS_DIR)
- wget -qO $@ https://github.com/mikefarah/yq/releases/download/v$(YQ_VERSION)/yq_linux_amd64
- chmod +x $@
-
 .PHONY: clean
 clean:
 rm -rf $(BIN_DIR)
diff --git a/aqua.yaml b/aqua.yaml
new file mode 100644
index 0000000..d76d570
--- /dev/null
+++ b/aqua.yaml
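Review bot: The new guard in `setup` uses `which aqua`, which is not a POSIX utility, prints the resolved path into the build log and writes the failure message to stdout. `command -v aqua >/dev/null 2>&1 || { echo 'setup needs aqua.' >&2; exit 1; }` performs the same check with the shell builtin. Separately, the two prerequisites that remain in this hunk as context, `$(CUSTOMCHECKER)` and `$(STATICCHECK)`, still run `go install …@latest`, so they stay unpinned while every other tool moves to a fixed version in aqua.yaml; pinning each to a tag would close that gap.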
@@ -0,0 +1,18 @@
+---
+# aqua - Declarative CLI Version Manager
+# https://aquaproj.github.io/
+# checksum:
+# enabled: true
+# require_checksum: true
+# supported_envs:
+# - all
+registries:
+- type: standard
+ ref: v4.231.0 # renovate: depName=aquaproj/aqua-registry
+packages:
+- name: helm/helm@v3.16.2
+- name: jqlang/jq@jq-1.7.1
+- name: kubernetes/kubectl@v1.29.9
+- name: kubernetes-sigs/kind@v0.24.0
+- name: kubernetes-sigs/kustomize@kustomize/v5.5.0
+- name: mikefarah/yq@v4.44.3
diff --git a/e2e/Makefile b/e2e/Makefile
index ced9aaa..a04e22d 100644
--- a/e2e/Makefile
+++ b/e2e/Makefile
@@ -5,11 +5,7 @@ TOOLS_DIR := $(BIN_DIR)/download
 CACHE_DIR := $(shell pwd)/../cache
 POLICY_VIEWER := $(BIN_DIR)/npv
-HELM := $(TOOLS_DIR)/helm --repository-cache $(CACHE_DIR)/helm/repository --repository-config $(CACHE_DIR)/helm/repositories.yaml
-KIND := $(TOOLS_DIR)/kind
-KUBECTL := $(TOOLS_DIR)/kubectl
-KUSTOMIZE := $(TOOLS_DIR)/kustomize
-YQ := $(TOOLS_DIR)/yq
+HELM := helm --repository-cache $(CACHE_DIR)/helm/repository --repository-config $(CACHE_DIR)/helm/repositories.yaml
 ##@ Basic
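Review bot: The `checksum` block in aqua.yaml is committed commented out, so as far as this file shows the six release binaries are installed without being compared against recorded digests, which is the same gap the removed `wget` recipes had. Uncommenting `checksum:` with `enabled: true` and `require_checksum: true`, and committing the `aqua-checksums.json` that `aqua update-checksum` generates, makes an altered release asset fail the install instead of running in CI. Because `setup` calls `aqua install -l`, the download and any verification happen when a tool is first invoked, so the failure would surface in the e2e targets rather than in `setup`.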
@@ -21,27 +17,27 @@ help: ## Display this help
 .PHONY: wait-for-workloads
 wait-for-workloads:
- $(KUBECTL) wait --for=condition=Available --all deployments --all-namespaces --timeout=1h
- $(KUBECTL) wait --for=condition=Ready --all pods --all-namespaces --timeout=1h
+ kubectl wait --for=condition=Available --all deployments --all-namespaces --timeout=1h
+ kubectl wait --for=condition=Ready --all pods --all-namespaces --timeout=1h
 .PHONY: start
 start:
 docker pull quay.io/cilium/cilium:v$(CILIUM_VERSION)
- $(KIND) create cluster --config testdata/cluster.yaml
- $(KIND) load docker-image quay.io/cilium/cilium:v$(CILIUM_VERSION)
+ kind create cluster --config testdata/cluster.yaml
+ kind load docker-image quay.io/cilium/cilium:v$(CILIUM_VERSION)
 $(HELM) install cilium cilium/cilium --version $(CILIUM_VERSION) \
 --namespace kube-system \
 --set image.pullPolicy=IfNotPresent \
 --set ipam.mode=kubernetes
- $(KUSTOMIZE) build testdata | $(KUBECTL) apply -f -
+ kustomize build testdata | kubectl apply -f -
 $(MAKE) --no-print-directory wait-for-workloads
 run-test-pod-%:
 cat testdata/template/ubuntu.yaml | \
- $(YQ) '.metadata.name = "$*"' | \
- $(YQ) '.spec.selector.matchLabels = {"test": "$*"}' | \
- $(YQ) '.spec.template.metadata.labels = {"test": "$*"}' | \
- $(KUBECTL) apply -f -
+ yq '.metadata.name = "$*"' | \
+ yq '.spec.selector.matchLabels = {"test": "$*"}' | \
+ yq '.spec.template.metadata.labels = {"test": "$*"}' | \
+ kubectl apply -f -
 .PHONY: install-test-pod
 install-test-pod:
@@ -52,14 +48,14 @@ install-test-pod:
 $(MAKE) --no-print-directory run-test-pod-l3-egress-implicit-deny
 $(MAKE) --no-print-directory run-test-pod-l3-egress-explicit-deny
 $(MAKE) --no-print-directory wait-for-workloads
- $(KUBECTL) apply -f testdata/policy/l3.yaml
+ kubectl apply -f testdata/policy/l3.yaml
 .PHONY: install-policy-viewer
 install-policy-viewer:
 $(MAKE) -C ../ build
- PODNAME=$$($(KUBECTL) get po -l app=ubuntu -o name | cut -d'/' -f2); \
- $(KUBECTL) cp $(POLICY_VIEWER) $${PODNAME}:/tmp/; \
- $(KUBECTL) exec $${PODNAME} -- chmod +x /tmp/npv
+ PODNAME=$$(kubectl get po -l app=ubuntu -o name | cut -d'/' -f2); \
+ kubectl cp $(POLICY_VIEWER) $${PODNAME}:/tmp/; \
+ kubectl exec $${PODNAME} -- chmod +x /tmp/npv
 .PHONY: test
 test:
@@ -67,4 +63,4 @@ test:
 .PHONY: stop
 stop:
- $(KIND) delete cluster
+ kind delete cluster
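Review bot: In `install-policy-viewer` the three rewritten commands are still joined with `;` and `$${PODNAME}` is unquoted, so when the `app=ubuntu` selector returns no pod or more than one, `kubectl cp` still runs with an empty or multi-word target and the error shown comes from a later command. Chaining with `&&` and quoting the expansion, for example `kubectl cp $(POLICY_VIEWER) "$${PODNAME}:/tmp/" && \`, stops the recipe at the first failing step. A check such as `test -n "$${PODNAME}"` right after the assignment would make the empty case explicit.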