Bump the actions group with 8 updates #1269
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| branches: ['main', 'stable/**'] | |
| types: ['opened', 'reopened', 'synchronize'] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| changes: | |
| name: Changes | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| runs-on: ubuntu-latest | |
| outputs: | |
| base: ${{ steps.filter.outputs.base }} | |
| go: ${{ steps.filter.outputs.go }} | |
| helm: ${{ steps.filter.outputs.helm }} | |
| smoke: ${{ steps.filter.outputs.smoke }} | |
| runner: ${{ steps.runner.outputs.type }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| id: filter | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| filters: | | |
| base: | |
| - 'NGINX_BASE' | |
| go: | |
| - '**/*.go' | |
| - 'go.mod' | |
| - 'go.sum' | |
| - 'rootfs/**/*' | |
| - 'TAG' | |
| - 'test/e2e/**/*' | |
| - 'NGINX_BASE' | |
| helm: | |
| - 'charts/ingress-nginx/Chart.yaml' | |
| - 'charts/ingress-nginx/**/*' | |
| smoke: | |
| - 'test/smoke/*' | |
| build: | |
| name: Build images | |
| runs-on: ${{ matrix.RUNNER }} | |
| if: | | |
| (needs.changes.outputs.base == 'true' || needs.changes.outputs.go == 'true' || needs.changes.outputs.helm == 'true' || needs.changes.outputs.smoke == 'true') | |
| needs: | |
| - changes | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - ARCH: amd64 | |
| RUNNER: self-hosted-amd64-2cpu | |
| - ARCH: arm64 | |
| RUNNER: self-hosted-arm64-2cpu | |
| env: | |
| ARCH: ${{ matrix.ARCH }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Import secrets | |
| uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e # v2.5.0 | |
| id: secrets | |
| with: | |
| exportEnv: true | |
| url: ${{ secrets.VAULT_URL }} | |
| role: ${{ secrets.VAULT_ROLE }} | |
| method: kubernetes | |
| path: kubernetes-ci | |
| secrets: | | |
| kv-gitlab-ci/data/github/shared/dockerhub-creds user | DOCKERHUB_USER ; | |
| kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; | |
| - name: Login to DockerHub | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} | |
| password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} | |
| - name: Build controller images | |
| env: | |
| REGISTRY: wallarm | |
| TAG: 1.0.0-dev | |
| USER: runner | |
| run: | | |
| echo "Building controller images ..." | |
| make clean-image build image image-chroot | |
| echo "Building E2E image ..." | |
| make -C test/e2e-image image | |
| docker save -o controller-${{ env.ARCH }}.tar \ | |
| wallarm/ingress-controller:1.0.0-dev \ | |
| wallarm/ingress-controller-chroot:1.0.0-dev \ | |
| nginx-ingress-controller:e2e | |
| - name: Cache controller images | |
| uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 | |
| with: | |
| retention-days: 1 | |
| name: controller-${{ env.ARCH }}.tar | |
| path: controller-${{ env.ARCH }}.tar | |
| smoke: | |
| name: Smoke | |
| runs-on: ${{ matrix.RUNNER }} | |
| needs: | |
| - build | |
| - changes | |
| if: | | |
| (needs.changes.outputs.helm == 'true' || needs.changes.outputs.go == 'true' || needs.changes.outputs.smoke == 'true') | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| k8s: [v1.26.15, v1.30.0] | |
| ARCH: [amd64, arm64] | |
| include: | |
| - ARCH: amd64 | |
| RUNNER: self-hosted-amd64-2cpu | |
| - ARCH: arm64 | |
| RUNNER: self-hosted-arm64-2cpu | |
| env: | |
| CLIENT_ID: 5 | |
| ARCH: ${{ matrix.ARCH }} | |
| KIND_CLUSTER_NAME: kind-${{ matrix.k8s }} | |
| KUBECONFIG: $HOME/.kube/kind-config-${{ matrix.k8s }} | |
| steps: | |
| - name: Import secrets | |
| uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0 | |
| id: secrets | |
| with: | |
| exportEnv: false | |
| url: ${{ secrets.VAULT_URL }} | |
| role: ${{ secrets.VAULT_ROLE }} | |
| method: kubernetes | |
| path: kubernetes-ci | |
| secrets: | | |
| kv-gitlab-ci/data/github/ingress api_token ; | |
| kv-gitlab-ci/data/github/ingress api_host ; | |
| kv-gitlab-ci/data/github/ingress api_preset ; | |
| kv-gitlab-ci/data/github/ingress user_token ; | |
| kv-gitlab-ci/data/github/ingress webhook_uuid ; | |
| kv-gitlab-ci/data/github/ingress webhook_api_key ; | |
| kv-gitlab-ci/data/github/shared/allure allure_token ; | |
| kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_name ; | |
| kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_secret ; | |
| kv-gitlab-ci/data/github/shared/dockerhub-creds user | DOCKERHUB_USER ; | |
| kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Load cache | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
| with: | |
| name: controller-${{ env.ARCH }}.tar | |
| - name: Load images | |
| run: docker load -i controller-${{ env.ARCH }}.tar | |
| - name: Login to DockerHub | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} | |
| password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} | |
| - name: Create cluster | |
| run: kind create cluster --image=kindest/node:${{ matrix.k8s }} | |
| - name: Run smoke tests | |
| env: | |
| SKIP_CLUSTER_CREATION: true | |
| SKIP_IMAGE_CREATION: true | |
| DOCKERHUB_USER: ${{ steps.secrets.outputs.user }} | |
| DOCKERHUB_PASSWORD: ${{ steps.secrets.outputs.password }} | |
| WALLARM_API_TOKEN: ${{ steps.secrets.outputs.api_token }} | |
| WALLARM_API_HOST: ${{ steps.secrets.outputs.api_host }} | |
| WALLARM_API_PRESET: ${{ steps.secrets.outputs.api_preset }} | |
| USER_TOKEN: ${{ steps.secrets.outputs.user_token }} | |
| SMOKE_REGISTRY_TOKEN: ${{ steps.secrets.outputs.token_name }} | |
| SMOKE_REGISTRY_SECRET: ${{ steps.secrets.outputs.token_secret }} | |
| WEBHOOK_API_KEY: ${{ steps.secrets.outputs.webhook_api_key }} | |
| WEBHOOK_UUID: ${{ steps.secrets.outputs.webhook_uuid }} | |
| ALLURE_UPLOAD_REPORT: true | |
| ALLURE_GENERATE_REPORT: true | |
| ALLURE_PROJECT_ID: 10 | |
| ALLURE_TOKEN: ${{ steps.secrets.outputs.allure_token }} | |
| ALLURE_ENVIRONMENT_K8S: ${{ matrix.k8s }} | |
| ALLURE_ENVIRONMENT_ARCH: ${{ matrix.ARCH }} | |
| run: | | |
| make kind-smoke-test | |
| chart-testing: | |
| name: Chart testing | |
| runs-on: self-hosted-amd64-2cpu | |
| needs: | |
| - build | |
| - changes | |
| if: needs.changes.outputs.helm == 'true' | |
| env: | |
| ARCH: amd64 | |
| strategy: | |
| matrix: | |
| # "upgrade" is disabled, there is an issue with this mode if values.yaml changed https://github.com/helm/chart-testing/issues/525 | |
| method: [ "install" ] | |
| steps: | |
| - name: Import secrets | |
| uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0 | |
| id: secrets | |
| with: | |
| exportEnv: false | |
| url: ${{ secrets.VAULT_URL }} | |
| role: ${{ secrets.VAULT_ROLE }} | |
| method: kubernetes | |
| path: kubernetes-ci | |
| secrets: | | |
| kv-gitlab-ci/data/github/ingress api_token ; | |
| kv-gitlab-ci/data/github/shared/dockerhub-creds user | DOCKERHUB_USER ; | |
| kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Load cache | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
| with: | |
| name: controller-${{ env.ARCH }}.tar | |
| - name: Load images | |
| run: docker load -i controller-${{ env.ARCH }}.tar | |
| - name: Login to DockerHub | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} | |
| password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} | |
| - name: Create cluster | |
| run: kind create cluster --image=kindest/node:v1.26.15 --config test/e2e/kind.yaml | |
| - name: Run chart testing ${{ matrix.method }} | |
| env: | |
| KIND_CLUSTER_NAME: kind | |
| SKIP_CLUSTER_CREATION: true | |
| SKIP_IMAGE_CREATION: true | |
| WALLARM_API_TOKEN: ${{ steps.secrets.outputs.api_token }} | |
| CT_MODE: ${{ matrix.method }} | |
| DOCKERHUB_USER: ${{ steps.secrets.outputs.DOCKERHUB_USER }} | |
| DOCKERHUB_PASSWORD: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} | |
| run: | | |
| kind get kubeconfig > $GITHUB_WORKSPACE/kind-config-kind | |
| export KUBECONFIG=$GITHUB_WORKSPACE/kind-config-kind | |
| make kind-e2e-chart-tests | |
| e2e: | |
| name: E2E | |
| runs-on: self-hosted-amd64-4cpu | |
| needs: | |
| - build | |
| - changes | |
| if: needs.changes.outputs.go == 'true' | |
| env: | |
| ARCH: amd64 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Load controller build cache | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
| with: | |
| name: controller-${{ env.ARCH }}.tar | |
| - name: Load controller images | |
| run: docker load -i controller-${{ env.ARCH }}.tar | |
| - name: Import secrets | |
| uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0 | |
| id: secrets | |
| with: | |
| exportEnv: false | |
| url: ${{ secrets.VAULT_URL }} | |
| role: ${{ secrets.VAULT_ROLE }} | |
| method: kubernetes | |
| path: kubernetes-ci | |
| secrets: | | |
| kv-gitlab-ci/data/github/shared/dockerhub-creds user | DOCKERHUB_USER ; | |
| kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; | |
| - name: Login to DockerHub | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} | |
| password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} | |
| - name: Create cluster | |
| run: kind create cluster --image=kindest/node:v1.26.15 --config test/e2e/kind.yaml | |
| - name: Run e2e tests | |
| env: | |
| KIND_CLUSTER_NAME: kind | |
| SKIP_CLUSTER_CREATION: true | |
| SKIP_INGRESS_IMAGE_CREATION: true | |
| SKIP_E2E_IMAGE_CREATION: true | |
| ARCH: amd64 | |
| DOCKERHUB_USER: ${{ steps.secrets.outputs.DOCKERHUB_USER }} | |
| DOCKERHUB_PASSWORD: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} | |
| run: | | |
| kind get kubeconfig > $HOME/.kube/kind-config-kind | |
| make kind-e2e-test | |
| e2e-wallarm: | |
| name: E2E - Wallarm | |
| runs-on: self-hosted-amd64-4cpu | |
| needs: | |
| - changes | |
| - build | |
| if: needs.changes.outputs.go == 'true' | |
| env: | |
| ARCH: amd64 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] | |
| steps: | |
| - name: Import secrets | |
| uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0 | |
| id: secrets | |
| with: | |
| exportEnv: false | |
| url: ${{ secrets.VAULT_URL }} | |
| role: ${{ secrets.VAULT_ROLE }} | |
| method: kubernetes | |
| path: kubernetes-ci | |
| secrets: | | |
| kv-gitlab-ci/data/github/ingress api_token ; | |
| kv-gitlab-ci/data/github/ingress api_host ; | |
| kv-gitlab-ci/data/github/shared/dockerhub-creds user | DOCKERHUB_USER ; | |
| kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Load controller build cache | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
| with: | |
| name: controller-${{ env.ARCH }}.tar | |
| - name: Load controller images | |
| run: docker load -i controller-${{ env.ARCH }}.tar | |
| - name: Login to DockerHub | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} | |
| password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} | |
| - name: Create cluster ${{ matrix.k8s }} | |
| run: kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml | |
| - name: Run e2e tests | |
| env: | |
| KIND_CLUSTER_NAME: kind | |
| SKIP_CLUSTER_CREATION: true | |
| SKIP_INGRESS_IMAGE_CREATION: true | |
| SKIP_E2E_IMAGE_CREATION: true | |
| WALLARM_ENABLED: true | |
| WALLARM_API_TOKEN: ${{ steps.secrets.outputs.api_token }} | |
| WALLARM_API_HOST: ${{ steps.secrets.outputs.api_host }} | |
| DOCKERHUB_USER: ${{ steps.secrets.outputs.DOCKERHUB_USER }} | |
| DOCKERHUB_PASSWORD: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} | |
| run: | | |
| kind get kubeconfig > $HOME/.kube/kind-config-kind | |
| make E2E_NODES=7 kind-e2e-test | |
| scan: | |
| name: Scan images | |
| runs-on: self-hosted-amd64-1cpu | |
| continue-on-error: true | |
| needs: | |
| - changes | |
| - build | |
| if: | | |
| (needs.changes.outputs.base == 'true' || needs.changes.outputs.go == 'true') | |
| env: | |
| ARCH: amd64 | |
| steps: | |
| - name: Load controller build cache | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
| with: | |
| name: controller-${{ env.ARCH }}.tar | |
| - name: Load controller images | |
| run: docker load -i controller-${{ env.ARCH }}.tar | |
| - name: Import secrets | |
| uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0 | |
| id: secrets | |
| with: | |
| exportEnv: false | |
| url: ${{ secrets.VAULT_URL }} | |
| role: ${{ secrets.VAULT_ROLE }} | |
| method: kubernetes | |
| path: kubernetes-ci | |
| secrets: | | |
| kv-gitlab-ci/data/github/shared/dockerhub-creds user | DOCKERHUB_USER ; | |
| kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; | |
| - name: Login to DockerHub | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} | |
| password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} | |
| - name: Scan controller image | |
| uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a | |
| with: | |
| image: "wallarm/ingress-controller:1.0.0-dev" | |
| fail-build: true | |
| output-format: 'table' | |
| severity-cutoff: 'critical' |