create uniq dir when cloning repo (#49) #257
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
permissions: | |
# Allow action to write raw configs back to the repository. | |
contents: write | |
# Run commits in order to prevent out of order write back commits. | |
concurrency: | |
group: ${{ github.head_ref || github.ref_name }} | |
cancel-in-progress: false | |
jobs: | |
shellcheck: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Install ShellCheck | |
run: sudo apt-get install shellcheck | |
- name: Run ShellCheck test script | |
run: shellcheck -x -s bash .github/workflows/scripts/*.sh | |
go: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: 1.22 | |
- name: Go Test | |
run: go test ./... | |
- name: Run Gosec Security Scanner | |
run: | | |
export PATH=$PATH:$(go env GOPATH)/bin | |
go install github.com/securego/gosec/v2/cmd/[email protected] | |
gosec ./... | |
- name: Go Build | |
working-directory: cmd/action | |
run: CGO_ENABLED=0 go build | |
# Scan binaries for invalid 3rd party licenses | |
- name: Scan Binary | |
working-directory: cmd/action | |
run: | | |
export PATH=$PATH:$(go env GOPATH)/bin | |
go install github.com/uw-labs/[email protected] | |
lichen --config=../../.github/license.yaml action | |
test: | |
runs-on: ubuntu-20.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
# This matrix allows us to test multiple bindplane versions. | |
# When writing back to the repo, we write to directories based | |
# on the bindplane version. | |
bindplane_versions: | |
- 1.45.0 # keep | |
- 1.55.0 # keep | |
- 1.59.0 # organizations and projects | |
- 1.65.0 | |
- 1.71.0 | |
- 1.73.0 | |
- 1.76.0 | |
- 1.81.0 | |
- latest # keep | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Detect Runner IP | |
run: echo "MAIN_IP=$(ip addr show | grep 'inet ' | grep -v '127.0.0.1' | awk '{print $2}' | cut -f1 -d'/' | head -n 1)" >> $GITHUB_ENV | |
- name: Print Runner IP | |
run: echo $MAIN_IP | |
# https://smallstep.com/docs/step-cli/installation/ | |
- name: Install Step CLI | |
run: | | |
wget https://dl.smallstep.com/cli/docs-cli-install/latest/step-cli_amd64.deb | |
sudo dpkg -i step-cli_amd64.deb | |
- name: Generate TLS Certs | |
run: ./.github/workflows/scripts/tls.sh | |
env: | |
MAIN_IP: ${{ env.MAIN_IP }} | |
- name: Set CA certificate | |
run: | | |
{ | |
echo 'TLS_CA_CERT<<EOF' | |
cat step/ca.crt | |
echo EOF | |
} >> "$GITHUB_ENV" | |
- name: Pull BindPlane | |
run: docker pull ghcr.io/observiq/bindplane-ee:${{ matrix.bindplane_versions }} | |
- name: Start BindPlane | |
run: | | |
docker run \ | |
-d \ | |
--name bindplane \ | |
-e BINDPLANE_USERNAME=admin \ | |
-e BINDPLANE_PASSWORD=admin \ | |
-e BINDPLANE_REMOTE_URL=https://${MAIN_IP}:3001 \ | |
-e BINDPLANE_SESSION_SECRET=2c23c9d3-850f-4062-a5c8-3f9b814ae144 \ | |
-e BINDPLANE_LOG_OUTPUT=stdout \ | |
-e BINDPLANE_ACCEPT_EULA=true \ | |
-e BINDPLANE_TLS_CERT=/bindplane.crt \ | |
-e BINDPLANE_TLS_KEY=/bindplane.key \ | |
-e BINDPLANE_LICENSE="${BINDPLANE_LICENSE}" \ | |
-p 3001:3001 \ | |
-v $(pwd)/step/bindplane.crt:/bindplane.crt \ | |
-v $(pwd)/step/bindplane.key:/bindplane.key \ | |
-v $(pwd)/step/ca.crt:/ca.crt \ | |
ghcr.io/observiq/bindplane-ee:${{ matrix.bindplane_versions }} | |
env: | |
BINDPLANE_LICENSE: ${{ secrets.BINDPLANE_LICENSE }} | |
- name: Init BindPlane Account or Organization | |
uses: nick-fields/retry@v2 | |
with: | |
timeout_minutes: 1 | |
polling_interval_seconds: 2 | |
max_attempts: 3 | |
shell: bash | |
command: .github/workflows/scripts/init.sh ${{ matrix.bindplane_versions }} | |
- name: Run BindPlane Action | |
# This should be replaced with a release action. | |
# <organization>/<repository>@<tag> | |
uses: ./ | |
with: | |
# These values are hardcode to match the test instance used by | |
# this workflow. The instance does not persist. Consumers of | |
# this action should always use secrets when passing in the remote | |
# url, bindplane_username, bindplane_password or api key. | |
# | |
# Remote url will never be localhost when running this action. The action | |
# executes in a container and localhost will always be the container's network | |
# and not the network of the bindplane instance, even if that instance | |
# is running within this runner. | |
bindplane_remote_url: https://${{ env.MAIN_IP }}:3001 | |
bindplane_username: admin | |
bindplane_password: admin | |
destination_path: test/resources/destinations/resource.yaml | |
configuration_path: test/resources/configurations/resource.yaml | |
configuration_output_dir: test/otel/${{ matrix.bindplane_versions }} | |
configuration_output_branch: otel-raw-configs | |
target_branch: main | |
# Token should have contents: write permissions | |
token: ${{ secrets.GITHUB_TOKEN }} | |
enable_otel_config_write_back: true | |
enable_auto_rollout: true | |
# Generally this would come from a secret, but the certificate | |
# was created in this workflow. | |
tls_ca_cert: ${{ env.TLS_CA_CERT }} | |
- name: Get Resources | |
if: always() | |
run: | | |
docker exec bindplane /bindplane get destinations --tls-ca /ca.crt | |
docker exec bindplane /bindplane get configurations --tls-ca /ca.crt | |
- name: Debug Container Logs | |
if: always() | |
run: docker logs bindplane |