Create workable-0.10.4 release #25
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: External Secrets Workable CI | |
| on: | |
| push: | |
| branches: | |
| - workable-* | |
| tags: | |
| - workable-* | |
| pull_request: {} | |
| env: | |
| # Common versions | |
| GOLANGCI_VERSION: 'v1.60.1' | |
| KUBERNETES_VERSION: '1.31.x' | |
| permissions: | |
| contents: read | |
| jobs: | |
| detect-noop: | |
| permissions: | |
| actions: write # for fkirc/skip-duplicate-actions to skip or stop workflow runs | |
| contents: read # for fkirc/skip-duplicate-actions to read and compare commits | |
| runs-on: ubuntu-latest | |
| outputs: | |
| noop: ${{ steps.noop.outputs.should_skip }} | |
| steps: | |
| - name: Detect No-op Changes | |
| id: noop | |
| uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| paths_ignore: '["**.md", "**.png", "**.jpg"]' | |
| do_not_skip: '["workflow_dispatch", "schedule", "push"]' | |
| concurrent_skipping: false | |
| lint: | |
| permissions: | |
| contents: read # for actions/checkout to fetch code | |
| pull-requests: read # for golangci/golangci-lint-action to fetch pull requests | |
| runs-on: ubuntu-latest | |
| needs: detect-noop | |
| if: needs.detect-noop.outputs.noop != 'true' && github.ref != 'refs/heads/main' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup Go | |
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
| id: setup-go | |
| with: | |
| go-version-file: "go.mod" | |
| - name: Download Go modules | |
| if: ${{ steps.setup-go.outputs.cache-hit != 'true' }} | |
| run: go mod download | |
| - name: Lint | |
| uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 | |
| with: | |
| version: ${{ env.GOLANGCI_VERSION }} | |
| skip-pkg-cache: true | |
| skip-build-cache: true | |
| check-diff: | |
| runs-on: ubuntu-latest | |
| needs: detect-noop | |
| if: needs.detect-noop.outputs.noop != 'true' && github.ref != 'refs/heads/main' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup Go | |
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
| id: setup-go | |
| with: | |
| go-version-file: "go.mod" | |
| - name: Download Go modules | |
| if: ${{ steps.setup-go.outputs.cache-hit != 'true' }} | |
| run: go mod download | |
| - name: Configure Git | |
| run: | | |
| git config user.name "$GITHUB_ACTOR" | |
| git config user.email "$GITHUB_ACTOR@users.noreply.github.com" | |
| - name: Check Diff | |
| run: | | |
| make check-diff | |
| unit-tests: | |
| runs-on: ubuntu-latest | |
| needs: detect-noop | |
| if: needs.detect-noop.outputs.noop != 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Fetch History | |
| run: git fetch --prune --unshallow | |
| - name: Setup Go | |
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
| id: setup-go | |
| with: | |
| go-version-file: "go.mod" | |
| - name: Download Go modules | |
| if: ${{ steps.setup-go.outputs.cache-hit != 'true' }} | |
| run: go mod download | |
| - name: Cache envtest binaries | |
| uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
| with: | |
| path: bin/k8s | |
| key: ${{ runner.os }}-envtest-${{env.KUBERNETES_VERSION}} | |
| - name: Run Unit Tests | |
| run: | | |
| make test | |
| - name: Publish Unit Test Coverage | |
| if: false | |
| uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| with: | |
| flags: unittests | |
| file: ./cover.out | |
| publish-artifacts: | |
| needs: [lint, check-diff, unit-tests] | |
| if: ${{ needs.detect-noop.outputs.noop != 'true' && startsWith(github.ref, 'refs/tags/workable-') }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| runs-on: ubuntu-latest | |
| environment: Workable | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Get image tag | |
| id: container-info | |
| run: | | |
| echo "image-tag=${GITHUB_REF#refs/tags/workable-/}" >> $GITHUB_OUTPUT | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 | |
| - name: Build image | |
| uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.1 | |
| with: | |
| context: . | |
| file: Dockerfile.standalone | |
| push: false | |
| tags: Workable/external-secrets:${{ steps.container-info.outputs.image-tag }} | |
| provenance: false | |
| # DISTRIBUTION OF SRE IMAGE | |
| - name: Login to sre registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: us-docker.pkg.dev | |
| username: _json_key | |
| password: ${{ secrets.SRE_GCR_SA }} | |
| - name: Copy image to sre registry | |
| env: | |
| REGISTRY: us-docker.pkg.dev/sre-artifacts-20e4/gcr.io | |
| run: | | |
| docker buildx imagetools create \ | |
| --tag ${{ env.REGISTRY }}/external-secrets:${{ steps.container-info.outputs.image-tag }} \ | |
| Workable/external-secrets:${{ steps.container-info.outputs.image-tag }} | |
| # DISTRIBUTION OF STAGING IMAGE | |
| - name: Login to staging registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: us-docker.pkg.dev | |
| username: _json_key | |
| password: ${{ secrets.STAGING_GCR_SA }} | |
| - name: Copy image to staging registry | |
| env: | |
| REGISTRY: us-docker.pkg.dev/staging-artifacts-786a/gcr.io | |
| run: | | |
| docker buildx imagetools create \ | |
| --tag ${{ env.REGISTRY }}/external-secrets:${{ steps.container-info.outputs.image-tag }} \ | |
| Workable/external-secrets:${{ steps.container-info.outputs.image-tag }} | |
| # DISTRIBUTION OF PRODUCTION IMAGE | |
| - name: Login to production registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: us-docker.pkg.dev | |
| username: _json_key | |
| password: ${{ secrets.PRODUCTION_GCR_SA }} | |
| - name: Copy image to production registry | |
| env: | |
| REGISTRY: us-docker.pkg.dev/production-artifacts-0b0d/gcr.io | |
| run: | | |
| docker buildx imagetools create \ | |
| --tag ${{ env.REGISTRY }}/external-secrets:${{ steps.container-info.outputs.image-tag }} \ | |
| Workable/external-secrets:${{ steps.container-info.outputs.image-tag }} |