-
Notifications
You must be signed in to change notification settings - Fork 0
164 lines (142 loc) · 5.48 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
name: Release Charts
on:
push:
branches:
- main
tags:
- "*"
pull_request:
branches:
- main
env:
HELM_EXPERIMENTAL_OCI: 1
jobs:
release:
runs-on: ubuntu-latest
steps:
- name: Checkout Vaas Helm
uses: actions/checkout@v4
with:
fetch-depth: 0
path: vaas-helm
- name: Checkout Vaas Java SDK
uses: actions/checkout@v4
with:
repository: GDATASoftwareAG/vaas
path: vaas-sdks
- name: Configure Git
run: |
cd vaas-helm
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
cd ..
- name: Install Helm
uses: azure/setup-helm@v4
with:
version: v3.13.3
- name: Install python
uses: actions/setup-python@v5
with:
python-version: 3
- name: Set up chart-testing
uses: helm/[email protected]
- name: Extract tag
id: extract_tag
run: |
version=$(grep '^version:' Chart.yaml | sed 's/"//g' | awk '{print $2}')
echo "Chart version is $version"
echo "CHART_VERSION=$version" >> $GITHUB_ENV
echo "CHART_VERSION=$version" >> $GITHUB_OUTPUT
working-directory: vaas-helm/charts/vaas
- name: Run chart-testing (lint)
run: ct lint --validate-maintainers=false --charts vaas-helm/charts/vaas
- name: Install Minikube
uses: manusa/[email protected]
with:
minikube version: v1.34.0
kubernetes version: v1.30.0
driver: docker
start args: --cpus 4 --memory 8192 --cni=cilium
- name: Set up kubectl
uses: azure/setup-kubectl@v3
with:
version: 'latest'
- name: Install Helm
uses: azure/setup-helm@v4
with:
version: v3.13.3
- name: Enable ingress
run: |
minikube addons enable ingress
minikube kubectl -- wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \
--timeout=120s
- name: Generate and apply self-signed certificate for ingress-nginx
run: |
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout tls.key -out tls.crt -subj "/CN=ingress-nginx-controller-admission.ingress-nginx.svc"
kubectl create secret tls ingress-nginx-admission -n ingress-nginx \
--key tls.key --cert tls.crt
kubectl patch validatingwebhookconfiguration ingress-nginx-admission \
--type='json' -p='[{"op": "replace", "path": "/webhooks/0/clientConfig/caBundle", "value": "'$(base64 -w 0 tls.crt)'"}]'
- name: Deploy Helm Chart
run: |
cat <<EOF > values-local.yaml
global:
secret:
dockerconfigjson: "${{ secrets.DOCKER_CONFIG_JSON }}"
cloud:
hashLookup:
enabled: false
allowlistLookup:
enabled: false
EOF
helm dep up vaas-helm/charts/vaas
helm upgrade --install vaas vaas-helm/charts/vaas -f values-local.yaml -n vaas --create-namespace --debug
- name: Verify Pods
run: |
sleep 5
minikube kubectl -- get pods --namespace vaas || true
minikube kubectl -- wait --for=condition=ready pods --namespace vaas --timeout=300s --all
- name: Run Java SDK Example
run: |
sudo echo "$(minikube ip) vaas" | sudo tee -a /etc/hosts
sudo apt-get update
sudo apt-get install -y openjdk-21-jdk
export JAVA_HOME=/usr/lib/jvm/java-21-openjdk-amd64
export PATH=$JAVA_HOME/bin:$PATH
cd ./vaas-sdks/java/examples/VaasExample
export SCAN_PATH=$(pwd)/build.gradle
export CLIENT_ID=vaas
export CLIENT_SECRET=$(minikube kubectl -- get secret -n vaas vaas-client-secret -o jsonpath="{.data.secret}" | base64 -d)
export VAAS_URL=ws://vaas/ws
export TOKEN_URL=http://vaas/auth/protocol/openid-connect/token
gradle fileScan
minikube kubectl -- logs -n vaas $(minikube kubectl -- get pods -n vaas -l app.kubernetes.io/name=gateway -o jsonpath="{.items[0].metadata.name}") | grep "Got verdict from store: Unknown"
gradle fileScan
minikube kubectl -- logs -n vaas $(minikube kubectl -- get pods -n vaas -l app.kubernetes.io/name=gateway -o jsonpath="{.items[0].metadata.name}") | grep "Got verdict from store: Clean"
cd -
- name: Push chart
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
uses: appany/[email protected]
with:
name: vaas
repository: gdatasoftwareag/charts
tag: $CHART_VERSION
path: vaas-helm/charts/vaas
registry: ghcr.io
registry_username: ${{ secrets.REGISTRY_USERNAME }}
registry_password: ${{ secrets.CR_TOKEN }}
update_dependencies: "true"
- name: create zipfile
run: zip -r vaas-helm.zip vaas-helm/charts/vaas/
- name: Github Release
uses: softprops/action-gh-release@v2
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
with:
tag_name: ${{steps.extract_tag.outputs.CHART_VERSION}}
generate_release_notes: true
make_latest: true
files: |
vaas-helm.zip