Merge pull request #10 from spectrocloud-labs/chore-add-release-test

TylerGillson · web-flow · commit b31d6267b96f · 2024-04-30T09:10:25.000-06:00
chore: add github workflows
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,111 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+      - '[0-9]+.[0-9]+.x'
+  workflow_dispatch:
+
+env:
+  REGISTRY: quay.io
+  GITHUB_PAGES_BRANCH: gh_pages
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  release-please:
+    permissions:
+      contents: write  # for google-github-actions/release-please-action to create release commit
+      pull-requests: write  # for google-github-actions/release-please-action to create release PR
+    runs-on: [self-hosted, Linux, X64, validator]
+    outputs:
+      releases_created: ${{ steps.release.outputs.releases_created }}
+      tag_name: ${{ steps.release.outputs.tag_name }}
+    # Release-please creates a PR that tracks all changes
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+
+      - uses: google-github-actions/release-please-action@a37ac6e4f6449ce8b3f7607e4d97d0146028dc0b # v4
+        id: release
+        with:
+          command: manifest
+          token: ${{secrets.PAT}}
+          default-branch: main
+
+  release-charts:
+    needs: release-please
+    permissions:
+      contents: write
+    runs-on: [self-hosted, Linux, X64, validator]
+    if: needs.release-please.outputs.releases_created == 'true'
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - name: Publish Helm chart
+        uses: stefanprodan/helm-gh-pages@master
+        with:
+          token: ${{ secrets.PAT }}
+          charts_dir: chart
+          owner: spectrocloud-labs
+          branch: ${{ env.GITHUB_PAGES_BRANCH }}
+          commit_username: spectrocloud-labs-bot
+          commit_email: bot@noreply.spectrocloud-labs.io
+          
+  build-container:
+    if: needs.release-please.outputs.releases_created == 'true'
+    needs:
+      - release-please
+    runs-on: [self-hosted, Linux, X64, validator]
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
+    env:
+      IMAGE_TAG: quay.io/spectrocloud-labs/validator-plugin-kubescape:${{ needs.release-please.outputs.tag_name }}
+      IMAGE_NAME: validator-plugin-kubescape
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        with:
+          submodules: recursive
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3
+        with:
+          registry: "quay.io"
+          username: tgillson
+          password: ${{ secrets.QUAY_TOKEN }}
+
+      - name: Build Docker Image
+        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64
+          target: production
+          tags: |
+            ${{ env.IMAGE_TAG }}
+          builder: ${{ steps.buildx.outputs.name }}
+          push: true
+          cache-from: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_TAG }}
+          cache-to: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_TAG }}
+
+      - name: Generate SBOM
+        uses: anchore/sbom-action@9fece9e20048ca9590af301449208b2b8861333b # v0.15.9
+        with:
+          image: ${{ env.IMAGE_TAG }}
+          artifact-name: sbom-${{ env.IMAGE_NAME }}
+          output-file: ./sbom-${{ env.IMAGE_NAME }}.spdx.json
+
+      - name: Attach SBOM to release
+        uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2
+        with:
+          tag_name: ${{ needs.release-please.outputs.tag_name }}
+          files: ./sbom-${{ env.IMAGE_NAME }}.spdx.json
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -0,0 +1,84 @@
+name: Test
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
+
+concurrency:
+  group: test-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  test-unit:
+    name: Run Unit Tests
+    runs-on: [self-hosted, Linux, X64, validator]
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+
+      - name: Set up Go
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
+        with:
+          go-version-file: go.mod
+
+      - name: Test
+        run: make test
+
+      - name: Workaround for https://github.com/codecov/feedback/issues/263
+        run: |
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+      - name: Codecov
+        uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4
+        with:
+          file: ./cover.out
+          fail_ci_if_error: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  test-chart:
+    name: Run Helm Chart Tests
+    runs-on: [self-hosted, Linux, X64, validator]
+    if: "!(contains(github.head_ref, 'release-please') || contains(github.ref, 'release-please'))"
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4
+        with:
+          version: v3.11.2
+
+      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5
+        with:
+          python-version: '3.9'
+          check-latest: true
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          set -ex
+          changed=$(ct list-changed --chart-dirs chart --target-branch ${{ github.event.repository.default_branch }})
+          echo $changed
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Run chart-testing (lint)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: |
+          cd $GITHUB_WORKSPACE
+          ct lint --validate-maintainers=false --check-version-increment=false --chart-dirs chart --target-branch ${{ github.event.repository.default_branch }}
+
+      - name: Create kind cluster
+        if: steps.list-changed.outputs.changed == 'true'
+        uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0
+
+      - name: Run chart-testing (install)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct install --chart-dirs chart  --target-branch ${{ github.event.repository.default_branch }}
