Skip to content

Modernize Crossplane conformance suite #89

Modernize Crossplane conformance suite

Modernize Crossplane conformance suite #89

Workflow file for this run

name: CI
on:
push:
branches:
- main
- release-*
pull_request: {}
workflow_dispatch: {}
env:
# Common versions
GO_VERSION: '1.23.2'
GOLANGCI_VERSION: 'v1.61.0'
DOCKER_BUILDX_VERSION: 'v0.11.2'
# Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run
# a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether
# credentials have been provided before trying to run steps that need them.
DOCKER_USR: ${{ secrets.DOCKER_USR }}
AWS_USR: ${{ secrets.AWS_USR }}
jobs:
detect-noop:
runs-on: ubuntu-24.04
outputs:
noop: ${{ steps.noop.outputs.should_skip }}
steps:
- name: Detect No-op Changes
id: noop
uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
paths_ignore: '["**.md", "**.png", "**.jpg"]'
do_not_skip: '["workflow_dispatch", "schedule", "push"]'
concurrent_skipping: false
lint:
runs-on: ubuntu-24.04
needs: detect-noop
if: needs.detect-noop.outputs.noop != 'true'
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
submodules: true
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Find the Go Build Cache
id: go
run: echo "::set-output name=cache::$(make go.cachedir)"
- name: Cache the Go Build Cache
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: ${{ steps.go.outputs.cache }}
key: ${{ runner.os }}-build-lint-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-build-lint-
- name: Cache Go Dependencies
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: .work/pkg
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-pkg-
- name: Download Go Modules
run: make modules.download modules.check
# We could run 'make lint' to ensure our desired Go version, but we prefer
# this action because it leaves 'annotations' (i.e. it comments on PRs to
# point out linter violations).
- name: Lint
uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6
with:
version: ${{ env.GOLANGCI_VERSION }}
skip-cache: true # We do our own caching.
check-diff:
runs-on: ubuntu-24.04
needs: detect-noop
if: needs.detect-noop.outputs.noop != 'true'
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
submodules: true
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Find the Go Build Cache
id: go
run: echo "::set-output name=cache::$(make go.cachedir)"
- name: Cache the Go Build Cache
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: ${{ steps.go.outputs.cache }}
key: ${{ runner.os }}-build-check-diff-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-build-check-diff-
- name: Cache Go Dependencies
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: .work/pkg
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-pkg-
- name: Download Go Modules
run: make modules.download modules.check
- name: Check Diff
run: make check-diff
codeql:
runs-on: ubuntu-24.04
needs: detect-noop
if: needs.detect-noop.outputs.noop != 'true'
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
submodules: true
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Find the Go Build Cache
id: go
run: echo "::set-output name=cache::$(make go.cachedir)"
- name: Cache the Go Build Cache
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: ${{ steps.go.outputs.cache }}
key: ${{ runner.os }}-build-codeql-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-build-codeql-
- name: Cache Go Dependencies
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: .work/pkg
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-pkg-
- name: Download Go Modules
run: make modules.download modules.check
- name: Initialize CodeQL
uses: github/codeql-action/init@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3
with:
languages: go
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3
trivy-scan-fs:
runs-on: ubuntu-24.04
needs: detect-noop
if: needs.detect-noop.outputs.noop != 'true'
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
submodules: true
- name: Run Trivy vulnerability scanner in fs mode
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
with:
scan-type: 'fs'
ignore-unfixed: true
scan-ref: '.'
exit-code: '1'
severity: 'CRITICAL,HIGH'
publish-artifacts:
runs-on: ubuntu-24.04
needs: detect-noop
if: needs.detect-noop.outputs.noop != 'true'
steps:
- name: Setup QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: all
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ env.DOCKER_BUILDX_VERSION }}
install: true
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
submodules: true
- name: Fetch History
run: git fetch --prune --unshallow
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Find the Go Build Cache
id: go
run: echo "::set-output name=cache::$(make go.cachedir)"
- name: Cache the Go Build Cache
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: ${{ steps.go.outputs.cache }}
key: ${{ runner.os }}-build-publish-artifacts-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-build-publish-artifacts-
- name: Cache Go Dependencies
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: .work/pkg
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-pkg-
- name: Download Go Modules
run: make modules.download modules.check
- name: Build Artifacts
run: make -j2 build.all
env:
# We're using docker buildx, which doesn't actually load the images it
# builds by default. Specifying --load does so.
BUILD_ARGS: "--load"
- name: Publish Artifacts to GitHub
uses: actions/upload-artifact@v4
with:
name: output
path: _output/**
- name: Login to Docker
uses: docker/login-action@v3
if: env.DOCKER_USR != ''
with:
username: ${{ secrets.DOCKER_USR }}
password: ${{ secrets.DOCKER_PSW }}
- name: Publish Artifacts to S3 and Docker Hub
run: make -j2 publish BRANCH_NAME=${GITHUB_REF##*/}
if: env.AWS_USR != '' && env.DOCKER_USR != ''
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }}
GIT_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DOCS_GIT_USR: ${{ secrets.UPBOUND_BOT_GITHUB_USR }}
DOCS_GIT_PSW: ${{ secrets.UPBOUND_BOT_GITHUB_PSW }}
- name: Promote Artifacts in S3 and Docker Hub
if: github.ref == 'refs/heads/master' && env.AWS_USR != '' && env.DOCKER_USR != ''
run: make -j2 promote
env:
BRANCH_NAME: master
CHANNEL: master
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }}
publish-test-configuration:
runs-on: ubuntu-24.04
needs: detect-noop
if: needs.detect-noop.outputs.noop != 'true'
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
submodules: true
fetch-depth: 0
# The tagger step uses the same logic in the build submodule to generate package tag
# https://github.com/upbound/build/blob/4f64913157a952dbe77cd9e05457d9abe695a1d4/makelib/common.mk#L193
- name: Set Tag
run: echo "::set-output name=VERSION_TAG::$(git describe --dirty --always --tags | sed 's/-/./2' | sed 's/-/./2' )"
id: tagger
- name: Login to Docker
uses: docker/login-action@v3
if: env.DOCKER_USR != ''
with:
username: ${{ secrets.DOCKER_USR }}
password: ${{ secrets.DOCKER_PSW }}
- name: Build
uses: crossplane-contrib/xpkg-action@master
with:
channel: stable
version: current
command: xpkg build -f testdata/configuration -o conformance.xpkg
- name: Push
uses: crossplane-contrib/xpkg-action@master
if: env.DOCKER_USR != ''
with:
command: xpkg push -f testdata/configuration/conformance.xpkg crossplane/conformance-testdata-configuration:${{ steps.tagger.outputs.VERSION_TAG }}
- name: Push Latest
uses: crossplane-contrib/xpkg-action@master
if: env.DOCKER_USR != ''
with:
command: xpkg push -f testdata/configuration/conformance.xpkg crossplane/conformance-testdata-configuration