CI/CD workflows

[guicassolato]

We want to improve automation in all repos for the Kuadrant components. We're aiming for:

1. good coverage of automation tasks related to code style, testing, CD/CD (image builds, releases), etc
2. consistency across components
3. automation as manageable code – i.e. less mouse clicks across scaterred UI "settings" pages and more Gitops, more YAMLs hosted as part of a code base.

As part of a preliminary investigation (Kuadrant/kuadrant-operator#21) of the current state of such automation, the following desired workflows and corresponding state for the Authorino repo were identified. Please review the list below.

• A. Linters & Code style
  • A1. Built-in auto-format (go fmt, go vet, cargo fmt)
  • A2. 3rd-party linters (Reviewdog, golangci-lint, Clippy - Trailing whitespaces, EOF newline, Language-specific)
  • A3. Spelling (client9/misspell)
  • A4. Language (Woke)
• B. Tests
  • B1. Unit tests (go test, cargo test)
  • B2. End-to-end tests (build an image → deploy → run integration tests)
  • B3. Smoke tests (deploy image from quay.io/kuadrant → run integration tests)
  • B4. Performance & Benchmarks
• C. CI/CD
  • C1. Build and push image to quay.io/kuadrant
  • C2. Deploy (shared Kubernetes/OpenShift cluster in the cloud)
• D. Release
  • D1. Release (tag, version)
• E. Code scan (vulnerability, dependency updates)
  • E1. Dependabot alerts
  • E2. Dependabot version updates
  • E3. Dependabot security updates
  • E4. Code vulnerability scan (CodeQL, Red Hat Dependency Analytics)
  • E5. Static Code Analysis (SonarQube)
• F. Badges
  • F1. Test status & coverage
  • F2. Code analysis (dependencies, security)

Workflows do not have to be implemented exactly as in the list. The list is just a driver for the kind of tasks we want to cover. Each component should assess it as it makes sense, considering the component's specificities. More details in the original epic: Kuadrant/kuadrant-operator#21.

You may also want to use this issue to reorganize how current workflows are implemented, thus helping us make the whole thing consistent across components.

[guicassolato]

An idea of how to organise this:

Name	File (.github/workflows/)	Trigger	Scope (path filter)1	Steps
Code Style	code-style.yaml	PR	**/*.go *.mod *.sum	"Check out the code" "Set up Go environment" "Install dependencies" (goimports, reviewdog) "Linting" (golangci/golangci-lint-action@v2) "Code format" (gofmt) "Code format (imports)" (goimports) "Verify diff" (git diff)
Language	language.yaml	PR	**	"Check out the code" "Set up Go environment" "Install dependencies" (reviewdog, client9/misspell) "Check language" (reviewdog:woke) "Check spelling" (client9/misspell) "Check trailing white spaces" (reviewdog) "Check EOF" (reviewdog)
Unit Tests	unit-testing.yaml	PR Pushes to main and release/* branches	**/*.go *.mod *.sum **/*.yaml **/*.sh Makefile **/*.mk	"Check out the code" "Set up Go environment" "Run the tests" (make test)
Unit Benchmarks	unit-benchmarks.yaml	Pushes to main and release/* branches Manual	**/*.go *.mod *.sum **/*.yaml **/*.sh Makefile **/*.mk	"Check out the code" "Set up Go environment" "Run the tests" (make benchmarks)
End-to-end Tests	e2e-tests.yaml	Pushes to main and release/* branches Manual	!docs/** !**/*.md !**/*.adoc !LICENCE !PROJECT	"Check out the code" "Set up Go environment" "Install dependencies" (jq) "Run the tests" (make e2e)
Smoke Tests	smoke-tests.yaml	'Build Images'	N/A	"Install dependencies" (kind, jq) "Create Kubernetes cluster" "Setup the environment" (namespaces, apps, operators, CRDs, RBAC, etc) "Deploy the component" (image published to registry) "Run the tests" (e2e)
Performance Tests	performance-tests.yaml	Manual	N/A	"Install dependencies" (kind, jq) "Create Kubernetes cluster" "Setup the environment" (namespaces, apps, operators, CRDs, RBAC, etc) "Deploy the component" "Run the tests" (benchmarks)
Build Images	build-images.yaml	Pushes to main and release/* branches 'Release'	**	"Check out the code" "Install dependencies" (qemu) Add tags ('latest', sanitized branch name) "Build the image" (redhat-actions/buildah-build@v2) "Push the image to registry" (redhat-actions/push-to-registry@v2)
Deploy	deploy.yaml	'Smoke Tests' Manual	N/A	"Amend the environment" (namespaces, apps, operators, CRDs, RBAC, etc) "(Re)deploy the component" "Run the tests" (e2e)
Release	release.yaml	Manual	N/A	"Tag and publish the release"

¹ PRs and pushes only (ref).

TBD: Workflows related to Code scan (vulnerability and dependency updates) and Badges.