[Snyk] Security upgrade alpine from 3.20.1 to 3.20.3 #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and test | |
| on: | |
| pull_request: | |
| branches: [ main ] | |
| push: | |
| branches: [ main ] | |
| env: | |
| PLATFORMS: linux/amd64, linux/arm64 | |
| jobs: | |
| unittest: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Install Test Dependencies | |
| run: | | |
| # https://github.com/kubernetes-sigs/kustomize/releases | |
| # renovate: datasource=github-releases depName=kubernetes-sigs/kustomize versioning=loose | |
| KUSTOMIZE_VERSION=kustomize/v5.0.3 | |
| # https://github.com/helm/helm/releases | |
| # renovate: datasource=github-releases depName=helm/helm | |
| HELM_VERSION=v3.15.3 | |
| # https://github.com/helmfile/helmfile/releases | |
| # renovate: datasource=github-releases depName=helmfile/helmfile | |
| HELMFILE_VERSION=v0.166.0 | |
| # Install Helm | |
| curl -SL https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -xz linux-amd64/helm && mv linux-amd64/helm /usr/local/bin/ | |
| # Install Kustomize | |
| curl -SL https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F$(echo ${KUSTOMIZE_VERSION}|tr -d kustomize/)/kustomize_$(echo ${KUSTOMIZE_VERSION}|tr -d kustomize/)_linux_amd64.tar.gz | tar -xzC /usr/local/bin | |
| # Install Helmfile | |
| curl -SL https://github.com/helmfile/helmfile/releases/download/${HELMFILE_VERSION}/helmfile_${HELMFILE_VERSION:1}_linux_amd64.tar.gz | tar -xzC /usr/local/bin | |
| - name: Get | |
| run: go get -v ./... | |
| - name: Build | |
| run: go build -v ./... | |
| - name: Test | |
| run: go test -v ./... | |
| build-ci-lovely-containers: | |
| runs-on: ubuntu-latest | |
| needs: unittest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: "build-lovely-containers" | |
| run: | | |
| docker build -f Dockerfile -t lovely-ver . | |
| docker build -f variations/Dockerfile.nover --build-arg "NAME=lovely" --build-arg "PARENT=lovely-ver" --build-arg="VERSION=latest" -t k3d-registry.localhost:5000/lovely . | |
| mkdir -p /tmp/lovely-cmp | |
| docker save k3d-registry.localhost:5000/lovely > /tmp/lovely-cmp/lovely-cmp.tar | |
| docker tag k3d-registry.localhost:5000/lovely ghcr.io/crumbhole/argocd-lovely-plugin-cmp:ci | |
| - name: Temporarily save CMP Docker image | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: lovely-cmp-docker | |
| path: /tmp/lovely-cmp | |
| retention-days: 1 | |
| test-deploy-argocd-cmp-sidecar: | |
| runs-on: ubuntu-latest | |
| needs: build-ci-lovely-containers | |
| strategy: | |
| matrix: | |
| argocd_version: | |
| - "2.12" | |
| - "2.11" | |
| - "2.10" | |
| fail-fast: true | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Retrieve saved Docker image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: lovely-cmp-docker | |
| path: /tmp/lovely-cmp | |
| - uses: AbsaOSS/k3d-action@v2 | |
| name: "Create single k3d Cluster and run Argocd/Lovely" | |
| with: | |
| cluster-name: lovely | |
| args: >- | |
| --config=.github/workflows/k3d.conf | |
| - name: "Deploy Argocd/Lovely" | |
| run: | | |
| docker load < /tmp/lovely-cmp/lovely-cmp.tar | |
| docker push k3d-registry.localhost:5000/lovely | |
| kubectl apply -k .github/workflows/assets/bootstrap/argocd-cmp-${{ matrix.argocd_version }} | |
| kubectl -n argocd rollout status statefulset/argocd-application-controller | |
| kubectl -n argocd rollout status deployment/argocd-repo-server | |
| kubectl -n argocd apply -f .github/workflows/assets/applications/helm_only_in_kustomize.yaml | |
| kubectl -n argocd apply -f .github/workflows/assets/applications/helm_plus_additions.yaml | |
| kubectl -n argocd apply -f .github/workflows/assets/applications/helmfile.yaml | |
| - name: "Test helmonlyinkustomize" | |
| run: | | |
| kubectl config use-context k3d-lovely | |
| sleep 30 | |
| kubectl -n helmonlyinkustomize rollout status deployment/test-hello-world | |
| kubectl -n helmonlyinkustomize describe pod -l=app.kubernetes.io/name=hello-world | |
| kubectl -n helmonlyinkustomize logs -l=app.kubernetes.io/name=hello-world --ignore-errors=true | |
| - name: "Test helmplusadditions" | |
| run: | | |
| kubectl config use-context k3d-lovely | |
| kubectl -n helmplusadditions rollout status deployment/helmplusadditions-hello-world | |
| kubectl -n helmplusadditions describe pod -l=app.kubernetes.io/name=hello-world | |
| kubectl -n helmplusadditions logs -l=app.kubernetes.io/name=hello-world --ignore-errors=true | |
| kubectl -n helmplusadditions get secrets mysecret | |
| kubectl -n helmplusadditions get configmaps index.html-g9575k5952 | |
| - name: "Test helmfile" | |
| run: | | |
| kubectl config use-context k3d-lovely | |
| sleep 30 | |
| kubectl -n helmfile rollout status deployment/test-hello-world | |
| kubectl -n helmfile describe pod -l=app.kubernetes.io/name=hello-world | |
| kubectl -n helmfile logs -l=app.kubernetes.io/name=hello-world --ignore-errors=true | |
| delete-ci-lovely-containers: | |
| name: Delete CI Lovely Containers | |
| runs-on: ubuntu-latest | |
| needs: [test-deploy-argocd-cmp-sidecar] | |
| steps: | |
| - name: delete-artifact | |
| uses: geekyeggo/delete-artifact@v5 | |
| with: | |
| name: lovely-cmp-docker | |
| build_sidecar: | |
| name: Build sidecar docker image | |
| needs: [test-deploy-argocd-cmp-sidecar] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.CR_PAT }} | |
| - name: Build sidecar image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: true | |
| platforms: ${{ env.PLATFORMS }} | |
| tags: ghcr.io/crumbhole/argocd-lovely-plugin-cmp:${{ github.sha }} | |
| build-args: VERSION=${{ github.sha }} | |
| build_variations: | |
| name: Build variation docker images | |
| needs: [build_sidecar] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.CR_PAT }} | |
| - uses: ./.github/actions/variations | |
| with: | |
| version: ${{ github.sha }} |