Skip to content

Dependencies update to resolve multiple CVEs (#435) #241

Dependencies update to resolve multiple CVEs (#435)

Dependencies update to resolve multiple CVEs (#435) #241

Workflow file for this run

name: Push
on:
push:
branches:
- master
env:
DOCKER_FILE_PATH: Dockerfile
KUBERNETES_VERSION: "1.22.2"
KIND_VERSION: "0.10.0"
HELM_REGISTRY_URL: "https://stakater.github.io/stakater-charts"
DEFAULT_BRANCH: "master"
REGISTRY: ghcr.io
jobs:
build:
name: Build
if: "! contains(toJSON(github.event.commits.*.message), '[skip-ci]')"
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v4
with:
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
# Setting up helm binary
- name: Set up Helm
uses: azure/setup-helm@v3
- name: Set up Go
id: go
uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'
- name: Install Dependencies
run: |
make install
- name: Lint
run: |
go install github.com/golangci/golangci-lint/cmd/[email protected]
golangci-lint run --timeout=10m ./...
- name: Install kubectl
run: |
curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
sudo install ./kubectl /usr/local/bin/ && rm kubectl
kubectl version --short --client
kubectl version --short --client | grep -q ${KUBERNETES_VERSION}
- name: Install Kind
run: |
curl -L -o kind https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-linux-amd64
sudo install ./kind /usr/local/bin && rm kind
kind version
kind version | grep -q ${KIND_VERSION}
- name: Create Kind Cluster
run: |
kind create cluster
kubectl cluster-info
- name: Test
run: make test
- name: Generate Tag
id: generate_tag
uses: anothrNick/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }}
WITH_V: true
DEFAULT_BUMP: patch
DRY_RUN: true
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to ghcr registry
uses: docker/login-action@v3
with:
registry: ${{env.REGISTRY}}
username: stakater-user
password: ${{secrets.GITHUB_TOKEN}}
- name: Generate image repository path for ghcr registry
run: |
echo GHCR_IMAGE_REPOSITORY=${{env.REGISTRY}}/$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
- name: Build and push image to ghcr registry
uses: docker/build-push-action@v5
with:
context: .
file: ${{ env.DOCKER_FILE_PATH }}
pull: true
push: true
cache-to: type=inline
build-args: BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
platforms: linux/amd64,linux/arm,linux/arm64
tags: |
${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.new_tag }}
labels: |
org.opencontainers.image.source=${{ github.event.repository.clone_url }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}
- name: Login to DockerHub Registry
uses: docker/login-action@v3
with:
username: ${{ secrets.STAKATER_DOCKERHUB_USERNAME }}
password: ${{ secrets.STAKATER_DOCKERHUB_PASSWORD }}
- name: Generate image repository path for DockerHub registry
run: |
echo IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
- name: Build and push Image to DockerHub registry
uses: docker/build-push-action@v5
with:
context: .
file: ${{ env.DOCKER_FILE_PATH }}
pull: true
push: true
build-args: BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
cache-to: type=inline
platforms: linux/amd64,linux/arm,linux/arm64
tags: |
${{ env.IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.new_tag }}
labels: |
org.opencontainers.image.source=${{ github.event.repository.clone_url }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}
##############################
## Add steps to generate required artifacts for a release here(helm chart, operator manifest etc.)
##############################
# Generate tag for operator without "v"
- name: Generate Operator Tag
id: generate_operator_tag
uses: anothrNick/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }}
WITH_V: false
DEFAULT_BUMP: patch
DRY_RUN: true
# Update chart tag to the latest semver tag
- name: Update Chart Version
env:
VERSION: ${{ steps.generate_operator_tag.outputs.new_tag }}
run: make bump-chart
# Publish helm chart
- name: Publish Helm chart
uses: stefanprodan/helm-gh-pages@master
with:
branch: master
repository: stakater-charts
target_dir: docs
token: ${{ secrets.STAKATER_GITHUB_TOKEN }}
charts_dir: deployments/kubernetes/chart/
charts_url: ${{ env.HELM_REGISTRY_URL }}
owner: stakater
linting: on
commit_username: stakater-user
commit_email: [email protected]
# Generate manifest release, generates both a jumbo manifest and also a manifests directory
- name: Generate manifests
run: |
helm template forecastle deployments/kubernetes/chart/forecastle/ --include-crds --set forecastle.service.expose="true" \
--set forecastle.route.enabled=true --set forecastle.route.tls.termination=reencrypt --set forecastle.config.crdEnabled=true \
--set forecastle.config.namespaceSelector.any=true > deployments/kubernetes/forecastle.yaml
helm template forecastle deployments/kubernetes/chart/forecastle/ --include-crds --output-dir deployments/kubernetes/manifests/ \
--set forecastle.service.expose="true" --set forecastle.route.enabled=true --set forecastle.route.tls.termination=reencrypt \
--set forecastle.config.namespaceSelector.any=true --set forecastle.config.crdEnabled=true
mv deployments/kubernetes/manifests/forecastle/templates/* deployments/kubernetes/manifests/
mv deployments/kubernetes/manifests/forecastle/crds/* deployments/kubernetes/manifests/
rm -r deployments/kubernetes/manifests/forecastle
# Commit back changes
- name: Commit files
run: |
git config --local user.email "[email protected]"
git config --local user.name "stakater-user"
git status
git add .
git commit -m "[skip-ci] Update artifacts" -a
- name: Push changes
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.STAKATER_GITHUB_TOKEN }}
branch: ${{ github.ref }}
- name: Push Latest Tag
uses: anothrNick/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }}
WITH_V: true
DEFAULT_BUMP: patch
- name: Notify Slack
uses: 8398a7/action-slack@v3
if: always() # Pick up events even if the job fails or is canceled.
with:
status: ${{ job.status }}
fields: repo,author,action,eventName,ref,workflow
env:
GITHUB_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }}
SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }}