Skip to content

build(deps): bump actions/upload-artifact and actions/download-artifact from 3 to 4 #720

build(deps): bump actions/upload-artifact and actions/download-artifact from 3 to 4

build(deps): bump actions/upload-artifact and actions/download-artifact from 3 to 4 #720

Workflow file for this run

name: Pull Request
on: [pull_request]
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: setup go
uses: actions/setup-go@v5
with:
go-version: 1.20.x
- name: checkout
uses: actions/checkout@v4
- name: lint go
uses: golangci/golangci-lint-action@v3
with:
version: v1.52
args: --timeout=5m --color=always --max-same-issues=0 --max-issues-per-linter=0
acceptance:
name: Acceptance
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- name: setup go
uses: actions/setup-go@v5
with:
go-version: 1.20.x
- name: checkout source
uses: actions/checkout@v4
- name: build
run: make build
- name: upload build
uses: actions/upload-artifact@v4
with:
name: konstraint-${{ matrix.os }}
path: build/konstraint
- name: unit tests
run: make test
- name: install bats ubuntu
run: sudo npm install -g bats
if: ${{ matrix.os == 'ubuntu-latest' }}
- name: install bats macos
run: sudo npm install -g bats
if: ${{ matrix.os == 'macos-latest' }}
- name: install bats windows
run: npm install -g bats
if: ${{ matrix.os == 'windows-latest' }}
- name: acceptance tests *nix
run: make acceptance
if: ${{ matrix.os != 'windows-latest' }}
- name: acceptance tests windows
run: |
$env:Path += ";C:\npm\prefix\node_modules\bats\libexec\bats-core"
make acceptance
if: ${{ matrix.os == 'windows-latest' }}
docker-tests:
name: Docker Tests
needs: [lint]
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v4
- name: docker build
run: make docker-build
- name: test create command
run: docker run -v $PWD:/konstraint konstraint create /konstraint/examples
- name: test doc command
run: docker run -v $PWD:/konstraint konstraint doc /konstraint/examples
policy-checks:
name: Policy Checks
runs-on: ubuntu-latest
steps:
- name: checkout source
uses: actions/checkout@v4
- name: setup opa
uses: open-policy-agent/setup-opa@v2
with:
version: latest
- name: opa check strict
run: opa check --strict --ignore "*.yaml" examples
- name: setup regal
uses: styrainc/[email protected]
with:
version: 0.12.0
- name: regal lint
run: regal lint --format github examples
policy-tests:
name: Policy Tests
runs-on: ubuntu-latest
container: openpolicyagent/conftest:latest
steps:
- name: checkout source
uses: actions/checkout@v4
- name: verify policy formatting
run: conftest fmt --check examples
- name: verify policies
run: conftest verify -p examples -d examples/test-data
e2e-prep:
name: Prep for End-to-end Tests
runs-on: ubuntu-latest
needs:
- lint
- acceptance
steps:
- name: checkout source
uses: actions/checkout@v4
- name: fetch gatekeeper versions
id: fetch-gk-versions
working-directory: .github/scripts
run: echo "gk-versions=$(./fetch_gk_versions.sh)" >> $GITHUB_OUTPUT
outputs:
gk-versions: ${{ steps.fetch-gk-versions.outputs.gk-versions }}
e2e:
name: End-to-end Tests
runs-on: ubuntu-latest
needs:
- e2e-prep
strategy:
matrix:
gk-version: ${{ fromJson(needs.e2e-prep.outputs.gk-versions) }}
steps:
- name: checkout source
uses: actions/checkout@v4
- name: download build
uses: actions/download-artifact@v3
with:
name: konstraint-ubuntu-latest
- name: generate resources
run: |
chmod +x ./konstraint
./konstraint create -o e2e-resources examples
./konstraint create -o e2e-resources test
- name: create kind cluster
run: kind create cluster
- name: install gatekeeper
env:
GK_VERSION: ${{ matrix.gk-version }}
run: |
helm repo add gk https://open-policy-agent.github.io/gatekeeper/charts
kubectl create ns gatekeeper-system
helm install gatekeeper gk/gatekeeper -n gatekeeper-system --set replicas=1 --version ${GK_VERSION} --set psp.enabled=false
- name: apply resources
working-directory: e2e-resources
run: |
for ct in $(ls template*); do kubectl apply -f $ct; done
sleep 60 # gatekeeper takes some time to create the CRDs
for c in $(ls constraint*); do kubectl apply -f $c; done