From 19d3da136a6dafbcbf7f84f0ba12d6ece7999da5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Sun, 27 Oct 2024 21:24:31 +0100 Subject: [PATCH] chore: prepare images for chainsaw tests (#156) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Charles-Edouard Brétéché --- .github/workflows/codeql.yaml | 4 +-- .github/workflows/ko-publish.yaml | 2 +- .github/workflows/lint.yaml | 2 +- .github/workflows/release.yaml | 10 +++---- .github/workflows/semantics-pr.yaml | 2 +- .github/workflows/tests.yaml | 46 ++++++++++++++++++++++++++--- Makefile | 13 +++++++- 7 files changed, 64 insertions(+), 15 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index de81a8c..ddd90b9 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - - name: Run Trivy vulnerability scanner in repo mode + - name: Run trivy vulnerability scanner in repo mode uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 with: scan-type: fs @@ -39,7 +39,7 @@ jobs: vuln-type: os,library env: TRIVY_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-db:2" - - name: Upload Trivy scan results to GitHub Security tab + - name: Upload trivy scan results uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: trivy-results.sarif diff --git a/.github/workflows/ko-publish.yaml b/.github/workflows/ko-publish.yaml index aadc9e8..0c85359 100644 --- a/.github/workflows/ko-publish.yaml +++ b/.github/workflows/ko-publish.yaml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Setup Go + - name: Setup go uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: go.mod diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 2f0c631..0bd7b95 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Setup Go + - name: Setup go uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: go.mod diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 61c28ef..a17b8e2 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -40,18 +40,18 @@ jobs: run: | set -e git fetch --force --tags - - name: Setup Go + - name: Setup go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version-file: go.mod cache-dependency-path: go.sum - - name: Install Cosign + - name: Install cosign uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - - name: Install Syft + - name: Install syft uses: anchore/sbom-action/download-syft@8d0a6505bf28ced3e85154d13dc6af83299e13f1 # v0.17.4 - - name: Install Ko + - name: Install ko uses: ko-build/setup-ko@3aebd0597dc1e9d1a26bcfdb7cbeb19c131d3037 # v0.7 - - name: Run GoReleaser + - name: Run goreleaser id: goreleaser uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 with: diff --git a/.github/workflows/semantics-pr.yaml b/.github/workflows/semantics-pr.yaml index 799af41..f7c3a16 100644 --- a/.github/workflows/semantics-pr.yaml +++ b/.github/workflows/semantics-pr.yaml @@ -35,7 +35,7 @@ jobs: semantics-pr: runs-on: ubuntu-latest steps: - - name: Validate Pull Request + - name: Validate pull request uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 5f91331..6e573a9 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Setup Go + - name: Setup go uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: go.mod @@ -59,26 +59,64 @@ jobs: # env: # CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + prepare-images: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Setup go + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + with: + go-version-file: go.mod + cache-dependency-path: go.sum + - name: Save image archive + shell: bash + run: | + set -e + make ko-build + make docker-save-image + - name: Upload image archive + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + with: + name: image.tar + path: image.tar + retention-days: 1 + if-no-files-found: error + e2e-tests-chainsaw: runs-on: ubuntu-latest + needs: [ prepare-images ] steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Setup Go + - name: Setup go uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: go.mod cache-dependency-path: go.sum - - name: Install Cosign + - name: Install helm + id: helm + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + - name: Install cosign uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - name: Install chainsaw uses: kyverno/action-install-chainsaw@d311eacde764f806c9658574ff64c9c3b21f8397 # v0.2.11 with: verify: true + - name: Download image archive + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: image.tar + - name: Create kind cluster + uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 + with: + node_image: kindest/node:v1.29.2 + cluster_name: kind - name: Setup test environment run: | set -e - make kind-create-cluster + export HELM=${{ steps.helm.outputs.helm-path }} + make docker-load-image make install-cert-manager make install-cluster-issuer make install-kyverno-sidecar-injector diff --git a/Makefile b/Makefile index ed32205..a2090d4 100644 --- a/Makefile +++ b/Makefile @@ -149,6 +149,18 @@ ko-publish: $(KO) @echo "Publish Docker image with ko..." >&2 @LD_FLAGS=$(LD_FLAGS) KO_DOCKER_REPO=$(REGISTRY)/$(REPO)/$(IMAGE) $(KO) build . --bare --tags=$(KO_TAGS) --platform=$(KO_PLATFORMS) +########## +# DOCKER # +########## + +.PHONY: docker-save-image +docker-save-image: ## Save docker image in archive + @docker save $(KO_REGISTRY)/$(PACKAGE):$(GIT_SHA) > image.tar + +.PHONY: docker-load-image +docker-load-image: ## Load docker image in archive + @docker load --input image.tar + ######## # TEST # ######## @@ -184,7 +196,6 @@ kind-create-cluster: $(KIND) .PHONY: kind-load-image kind-load-image: ## Build image and load it in kind cluster kind-load-image: $(KIND) -kind-load-image: ko-build @echo Load image in kind... >&2 @$(KIND) load docker-image $(KO_REGISTRY)/$(PACKAGE):$(GIT_SHA)