ci.yml
# CI workflow: lint, unit tests, binary build with a vulnerability scan, and
# (on tags) packaging and publishing of the Helm chart.
name: 'Continuous Integration'

# Runs on every push and every pull request; no branch or path filters.
on: [push, pull_request]

# Workflow-level variables, available to every job and step.
env:
  HELM_CHART_DIR: 'helm-chart'
  GIT_NAME: 'NGINX Kubernetes Team'
  # NOTE(review): the address below was masked by the hosting page's e-mail
  # obfuscation. As shown it parses as a YAML flow sequence, not a string;
  # restore the real address before using this file.
  GIT_MAIL: [email protected]

# One active run per ref name: a newer run in the same group cancels the run
# that is still in progress. This also applies to tag refs.
concurrency:
  group: '${{ github.ref_name }}-ci'
  cancel-in-progress: true
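jobs:
  # NOTE(review): jobs without their own `permissions:` block inherit the
  # repository default for GITHUB_TOKEN. The jobs below that only read the
  # repository are restricted to `contents: read`.

  # Static analysis of the Go code and of the Helm chart.
  lint:
    name: Lint
    runs-on: ubuntu-22.04
    permissions:
      contents: read
    steps:
      - name: Checkout Repository
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
      - name: Setup Golang Environment
        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
        with:
          go-version-file: go.mod
          cache: true
      - name: Lint Code
        uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0
        with:
          version: v1.52
          args: --timeout 10m
      - name: Lint Helm
        # HELM_CHART_DIR comes from the workflow-level env. Read it as a quoted
        # shell variable instead of splicing an expression into the script.
        run: helm lint "$HELM_CHART_DIR"

  # Runs `make test` and keeps the HTML coverage report as an artifact.
  unit-tests:
    name: Unit Tests
    runs-on: ubuntu-22.04
    permissions:
      contents: read
    steps:
      - name: Checkout Repository
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
      - name: Setup Golang Environment
        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
        with:
          go-version-file: go.mod
          cache: true
      - name: Run Tests
        run: make test
      - name: Upload Coverage Report
        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: coverage-${{ github.run_id }}.html
          path: ${{ github.workspace }}/build/coverage.html

  # Builds the binary with GoReleaser, then scans the workspace with Trivy.
  # NOTE(review): this job has no `permissions:` block. The release path and
  # the SARIF upload presumably need write scopes (`contents: write`,
  # `security-events: write`); confirm against the GoReleaser configuration,
  # which is not part of this file, before restricting the token.
  binary:
    name: Build Binary
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout Repository
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
      - name: Setup Golang Environment
        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
        with:
          go-version-file: go.mod
          cache: true
      - name: Build binary
        uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0
        with:
          # NOTE(review): the action is pinned to a commit, but `latest` lets
          # the GoReleaser tool version float between runs. Consider pinning
          # it so that release builds are reproducible.
          version: latest
          # Tag refs run `release --clean`; all other refs run
          # `build --snapshot --clean`.
          args: ${{ startsWith(github.ref, 'refs/tags/') && 'release' || 'build --snapshot' }} --clean
        # NOTE(review): the storage secrets are handed to this step on branch
        # pushes as well as on tagged releases. Confirm whether snapshot
        # builds need them; if not, supply them only when the ref is a tag.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          AZURE_STORAGE_ACCOUNT: ${{ secrets.AZURE_STORAGE_ACCOUNT }}
          AZURE_STORAGE_KEY: ${{ secrets.AZURE_STORAGE_KEY }}
          AZURE_BUCKET_NAME: ${{ secrets.AZURE_BUCKET_NAME }}
      # The three steps below set `continue-on-error`, so a scanner or upload
      # failure never fails the job. Findings are visible only through the
      # SARIF upload and the stored artifact; nothing here gates the build.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee # 0.9.2
        continue-on-error: true
        with:
          scan-type: 'rootfs'
          scan-ref: '.'
          ignore-unfixed: 'true'
          format: 'sarif'
          output: 'trivy-results-nginx-service-mesh.sarif'
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12
        continue-on-error: true
        with:
          sarif_file: 'trivy-results-nginx-service-mesh.sarif'
      - name: Upload Scan Results
        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        continue-on-error: true
        with:
          name: 'trivy-results-nginx-service-mesh.sarif'
          path: 'trivy-results-nginx-service-mesh.sarif'

  # Tag-only: reads the chart version, packages the chart and stores the
  # archive as the `helm-chart` artifact for the release job.
  package-helm:
    name: Package Helm Chart
    runs-on: ubuntu-22.04
    permissions:
      contents: read
    outputs:
      version: ${{ steps.var.outputs.version }}
    if: startsWith(github.ref, 'refs/tags/')
    steps:
      - name: Checkout Repository
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
      - name: Output Variables
        id: var
        run: |
          # Anchor the match at line start so that only the chart's own
          # top-level `version:` field is picked up, not an indented one.
          version="$(helm show chart "$HELM_CHART_DIR" | grep '^version:' | cut -d ' ' -f 2)"
          # Fail closed: the value is reused in later commands and in the
          # release commit message, so reject anything empty, multi-line or
          # containing characters outside a plain version string.
          case "$version" in
            '' | *[!0-9A-Za-z.+-]*)
              echo "unexpected chart version: '$version'" >&2
              exit 1
              ;;
          esac
          echo "version=$version" >> "$GITHUB_OUTPUT"
      - name: Package
        # The step output is passed through the environment and quoted, so the
        # shell treats it as data and never as part of the script text.
        env:
          CHART_VERSION: ${{ steps.var.outputs.version }}
        run: helm package --version "$CHART_VERSION" "$HELM_CHART_DIR"
      - name: Upload Chart
        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: helm-chart
          path: ${{ github.workspace }}/nginx-service-mesh-${{ steps.var.outputs.version }}.tgz

  # Tag-only: adds the packaged chart to the nginxinc/helm-charts repository,
  # regenerates the index and pushes to `master`.
  release-helm:
    name: Release Helm Chart
    runs-on: ubuntu-22.04
    needs: package-helm
    # GITHUB_TOKEN is not used for the push; the checkout below uses a PAT.
    permissions:
      contents: read
    if: startsWith(github.ref, 'refs/tags/')
    steps:
      - name: Checkout Repository
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
        with:
          repository: nginxinc/helm-charts
          # The PAT grants write access to the charts repository. The later
          # `git push` presumably relies on actions/checkout keeping this
          # credential in the local git configuration.
          token: ${{ secrets.NGINX_PAT }}
      - name: Retrieve latest Helm Chart
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with:
          name: helm-chart
          path: ${{ github.workspace }}/stable
      - name: Push Helm Chart
        # The version from the packaging job arrives as an environment
        # variable; GIT_NAME and GIT_MAIL come from the workflow-level env.
        # None of them is spliced into the script text.
        env:
          CHART_VERSION: ${{ needs.package-helm.outputs.version }}
        run: |
          helm repo index stable --url https://helm.nginx.com/stable
          git add -A
          git -c user.name="$GIT_NAME" -c user.email="$GIT_MAIL" \
            commit -m "NGINX Service Mesh - Release $CHART_VERSION"
          git push -u origin master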