-
Notifications
You must be signed in to change notification settings - Fork 68
155 lines (134 loc) · 5 KB
/
build.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
name: build
on:
push:
branches:
- feature/workflows
- main
paths-ignore:
- "README.md"
- "docs/**"
pull_request:
branches:
- main
paths-ignore:
- "README.md"
- "docs/**"
jobs:
lint:
runs-on: ubuntu-latest
env:
GOPATH: /home/runner/work/open-feature/flagd
GOBIN: /home/runner/work/open-feature/flagd/bin
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- name: Setup go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
with:
go-version-file: 'flagd/go.mod'
- run: make workspace-init
- run: make lint
docs-check:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- name: Setup go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
with:
go-version-file: 'flagd/go.mod'
- run: make workspace-init
- run: make generate-docs
- name: Check no diff
run: |
if [ ! -z "$(git status --porcelain)" ]; then echo "Doc generation produced diff. Run 'make generate-docs' and commit results."; exit 1; fi
test:
runs-on: ubuntu-latest
env:
GOPATH: /home/runner/work/open-feature/flagd
GOBIN: /home/runner/work/open-feature/flagd/bin
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- name: Setup go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
with:
go-version-file: 'flagd/go.mod'
- run: make workspace-init
- run: make test
- name: Upload coverage to Codecov
uses: codecov/codecov-action@e0b68c6749509c5f83f984dd99a76a1c1a231044 # v4
docker-local:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
submodules: recursive
- name: Setup go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
with:
go-version-file: 'flagd/go.mod'
- name: Set up QEMU
uses: docker/setup-qemu-action@master
with:
platforms: all
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
- name: Build
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5
with:
context: .
file: ./flagd/build.Dockerfile
outputs: type=docker,dest=${{ github.workspace }}/flagd-local.tar
tags: flagd-local:test
- name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
with:
input: ${{ github.workspace }}/flagd-local.tar
format: "sarif"
output: "trivy-results.sarif"
severity: "CRITICAL,HIGH"
env:
# use an alternative trivvy db to avoid rate limits
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3
with:
sarif_file: "trivy-results.sarif"
integration-test: # caching tests are disabled due to slow file I/O in github actions
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
submodules: recursive
- name: Setup go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
with:
go-version-file: 'flagd/go.mod'
- name: Install envoy
run: |
wget -O- https://apt.envoyproxy.io/signing.key | sudo gpg --dearmor -o /etc/apt/keyrings/envoy-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/envoy-keyring.gpg] https://apt.envoyproxy.io jammy main" | sudo tee /etc/apt/sources.list.d/envoy.list
sudo apt-get update
sudo apt-get install envoy
envoy --version
- name: Workspace init
run: make workspace-init
- name: Build flagd binary
run: make build
- name: Run flagd binary in background
run: |
./bin/flagd start \
-f file:${{ github.workspace }}/test-harness/flags/testing-flags.json \
-f file:${{ github.workspace }}/test-harness/flags/custom-ops.json \
-f file:${{ github.workspace }}/test-harness/flags/evaluator-refs.json \
-f file:${{ github.workspace }}/test-harness/flags/zero-flags.json \
-f file:${{ github.workspace }}/test-harness/flags/edge-case-flags.json &
- name: Run envoy proxy in background
run: |
envoy -c ./test/integration/config/envoy.yaml &
- name: Run evaluation test suite
run: go clean -testcache && go test -cover ./test/integration