From 6004f4bfb00d614e51d1e5c48fd1094c1bb1e862 Mon Sep 17 00:00:00 2001 From: drivebyer Date: Wed, 11 Sep 2024 17:45:41 +0800 Subject: [PATCH 1/5] ci: add helm docs test action Signed-off-by: drivebyer --- .github/workflows/ci.yaml | 112 ++++++++++++++++++------ .github/workflows/validate-example.yaml | 41 --------- 2 files changed, 86 insertions(+), 67 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 550d7ebdc..8a37aaf29 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -19,11 +19,26 @@ env: DOCKERFILE_PATH: "**/Dockerfile" jobs: - gotest: - name: Go Test + lint: runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOLANG_VERSION }} + cache: false + + - name: Run GolangCI-Lint + uses: golangci/golangci-lint-action@v6 + with: + version: v1.54.0 + + gotest: needs: - lint + name: Go Test + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Set up Go 
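Review bot: The relocated `lint` job references the third-party action `golangci/golangci-lint-action@v6` by a mutable tag, so the code that runs in CI can change without any change in this repository. Pinning it to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: golangci/golangci-lint-action@<full-commit-sha> # v6`, makes each run reproducible and lets an action upgrade show up as a reviewable diff. The same applies to `shaybentk/helm-docs-action@v0.0.1` and `helm/kind-action@v1.10.0` in the next hunk of this file. The `gotest` job body continues outside this hunk.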
@@ -41,20 +56,77 @@ jobs: fail_ci_if_error: false verbose: true - lint: + helm_docs_test: + needs: [lint] + name: Helm Docs Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: Set up Go - uses: actions/setup-go@v5 + - uses: actions/checkout@v3 with: - go-version: ${{ env.GOLANG_VERSION }} - cache: false + ref: ${{ github.event.pull_request.head.ref }} - - name: Run GolangCI-Lint - uses: golangci/golangci-lint-action@v6 + - name: Render helm docs inside the README.md and push changes back to PR branch + uses: shaybentk/helm-docs-action@v0.0.1 with: - version: v1.54.0 + working-dir: charts + git-push: "false" + fail-on-diff: "true" + + validate_examples: + needs: [gotest] + name: Validate Examples + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Install yamllint + run: sudo apt-get install -y yamllint + + - name: Lint YAML files + run: yamllint --strict ./example + + - name: Install kubectl + run: | + curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + chmod +x kubectl + sudo mv kubectl /usr/local/bin/ + + - name: Create k8s Kind Cluster + uses: helm/kind-action@v1.10.0 + with: + cluster_name: kind + + - name: Apply CRD + run: | + for crd in $(find ./config/crd/bases -type f -name '*.yaml'); do + kubectl create -f $crd + done + + - name: Validate CRD Installation + run: | + CRDs=("redis" "redissentinels" "redisclusters" "redisreplications") + for crd in "${CRDs[@]}"; do + kubectl get crd $crd.redis.redis.opstreelabs.in || exit 1 + done + + - name: Validate CR + run: | + for example in $(find ./example -type f -name '*.yaml'); do + kubectl apply --dry-run=server -f $example + done + + validate_yaml: + needs: [validate_examples] + name: Validate YAML + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Install yamllint + run: sudo apt-get install -y yamllint + - name: Lint YAML files + run: 
yamllint --strict ./tests/ container_quality_dockerfile_lint: runs-on: ubuntu-latest @@ -89,6 +161,7 @@ jobs: run: | mkdir -p ${{ github.workspace }}/compiled/${{ matrix.arch }} zip ${{ github.workspace }}/compiled/${{ matrix.arch }}/${{ env.APPLICATION_NAME }}-${{ matrix.arch }}.zip ${{ github.workspace }}/${{ env.APPLICATION_NAME }} + build_scan_container_image: needs: [container_quality_dockerfile_lint] runs-on: ubuntu-latest @@ -121,21 +194,8 @@ jobs: GOSEC_OUTPUT: "junit-xml:/github/workspace/gosec-results.xml" - validate-yaml: - name: Validate YAML - runs-on: ubuntu-latest - needs: - - gotest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - name: Install yamllint - run: sudo apt-get install -y yamllint - - name: Lint YAML files - run: yamllint --strict ./tests/ - - e2e-test: - needs: [validate-yaml] + e2e_test: + needs: [validate_yaml] name: ${{ matrix.testpath }} runs-on: ubuntu-latest strategy: diff --git a/.github/workflows/validate-example.yaml b/.github/workflows/validate-example.yaml index 2bfba3120..40814b31d 100644 --- a/.github/workflows/validate-example.yaml +++ b/.github/workflows/validate-example.yaml 
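Review bot: The `Install kubectl` step in the new `validate_examples` job downloads a binary and moves it into `/usr/local/bin` with `sudo` without any integrity check, and the version floats with `stable.txt`, so runs are not reproducible. dl.k8s.io publishes a `.sha256` file next to each binary; fetching it and running `sha256sum --check` before the `chmod` catches a corrupted or truncated download, and `curl -f` makes an HTTP error fail the step instead of saving an error page as `kubectl`. A checksum served from the same origin does not protect against a compromised origin, so pinning a fixed release and keeping the expected hash in the repository is the stronger option. The loops in `Apply CRD` and `Validate CR` also expand `$crd` and `$example` unquoted.

```yaml
      - name: Install kubectl
        run: |
          # version still floats with stable.txt; replace with a pinned release for reproducible runs
          KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          chmod +x kubectl
          sudo mv kubectl /usr/local/bin/
```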
@@ -9,44 +9,3 @@ on: - master jobs: - validate-examples: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Install yamllint - run: sudo apt-get install -y yamllint - - - name: Lint YAML files - run: yamllint --strict ./example - - - name: Install kubectl - run: | - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" - chmod +x kubectl - sudo mv kubectl /usr/local/bin/ - - - name: Create k8s Kind Cluster - uses: helm/kind-action@v1.10.0 - with: - cluster_name: kind - - - name: Apply CRD - run: | - for crd in $(find ./config/crd/bases -type f -name '*.yaml'); do - kubectl create -f $crd - done - - - name: Validate CRD Installation - run: | - CRDs=("redis" "redissentinels" "redisclusters" "redisreplications") - for crd in "${CRDs[@]}"; do - kubectl get crd $crd.redis.redis.opstreelabs.in || exit 1 - done - - - name: Validate CR - run: | - for example in $(find ./example -type f -name '*.yaml'); do - kubectl apply --dry-run=server -f $example - done \ No newline at end of file From 55693b052942f36ed9673b1aa2f2833c0d4bb07e Mon Sep 17 00:00:00 2001 From: drivebyer Date: Wed, 11 Sep 2024 18:01:16 +0800 Subject: [PATCH 2/5] update Signed-off-by: drivebyer --- .github/workflows/ci.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 8a37aaf29..9f8ffe1dd 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -61,9 +61,7 @@ jobs: name: Helm Docs Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.ref }} + - uses: actions/checkout@v4 - name: Render helm docs inside the README.md and push changes back to PR branch uses: shaybentk/helm-docs-action@v0.0.1 From 518fa6449874f45743ba7e094a70429db13579e7 Mon Sep 17 00:00:00 2001 From: drivebyer Date: Wed, 11 Sep 2024 18:06:52 +0800 Subject: [PATCH 3/5] update 
Signed-off-by: drivebyer --- .github/workflows/ci.yaml | 2 +- charts/redis-operator/README.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9f8ffe1dd..3083660d0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -71,7 +71,7 @@ jobs: fail-on-diff: "true" validate_examples: - needs: [gotest] + needs: [gotest, helm_docs_test] name: Validate Examples runs-on: ubuntu-latest steps: diff --git a/charts/redis-operator/README.md b/charts/redis-operator/README.md index 27e9a019f..23d0c0ea6 100644 --- a/charts/redis-operator/README.md +++ b/charts/redis-operator/README.md @@ -108,6 +108,7 @@ kubectl create secret tls --key tls.key --cert tls.crt -n | redisOperator.extraArgs | list | `[]` | | | redisOperator.imageName | string | `"ghcr.io/ot-container-kit/redis-operator/redis-operator"` | | | redisOperator.imagePullPolicy | string | `"Always"` | | +| redisOperator.imagePullSecrets | list | `[]` | | | redisOperator.imageTag | string | `""` | | | redisOperator.name | string | `"redis-operator"` | | | redisOperator.podAnnotations | object | `{}` | | From 3d930b407fce6764970c9e8db8ee5d250210f4fe Mon Sep 17 00:00:00 2001 From: drivebyer Date: Thu, 12 Sep 2024 10:48:15 +0800 Subject: [PATCH 4/5] update Signed-off-by: drivebyer --- .github/workflows/ci.yaml | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3083660d0..fe4c474a8 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -61,14 +61,23 @@ jobs: name: Helm Docs Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - - name: Render helm docs inside the README.md and push changes back to PR branch - uses: shaybentk/helm-docs-action@v0.0.1 + - name: Checkout + uses: actions/checkout@v3 with: - working-dir: charts - git-push: "false" - fail-on-diff: "true" + ref: ${{ github.event.pull_request.head.sha }} + + - name: Ensure documentation is updated + uses: docker://jnorwood/helm-docs:latest + + - name: Check for changes + run: | + if git diff --exit-code; then + echo -e "\n####### Helm docs are up-to-date! #######\n" + else + git status + echo -e "\n####### Helm docs are not up-to-date! Please run generate helm docs locally and push the changes #######\n" + exit 1 + fi validate_examples: needs: [gotest, helm_docs_test] From faede82942ac73995896e91c547962d5bed5874c Mon Sep 17 00:00:00 2001 From: drivebyer Date: Thu, 12 Sep 2024 11:07:12 +0800 Subject: [PATCH 5/5] update Signed-off-by: drivebyer --- .github/workflows/publish-image.yaml | 76 ++++++++++++++++++++++++- .github/workflows/release-images.yaml | 73 ------------------------ .github/workflows/validate-example.yaml | 11 ---- 3 files changed, 75 insertions(+), 85 deletions(-) delete mode 100644 .github/workflows/release-images.yaml delete mode 100644 .github/workflows/validate-example.yaml diff --git a/.github/workflows/publish-image.yaml b/.github/workflows/publish-image.yaml index eb0e4c14f..d65008f35 100644 --- a/.github/workflows/publish-image.yaml +++ b/.github/workflows/publish-image.yaml 
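Review bot: The `Ensure documentation is updated` step runs `docker://jnorwood/helm-docs:latest`, a mutable tag, so the image executed in CI and the README output it generates can change between runs without any change in this repository. Pinning it to a released version and ideally its digest, e.g. `uses: docker://jnorwood/helm-docs:<version>@sha256:<digest>`, means a failing check always points at stale chart docs and not at a changed tool. This hunk also moves the job back to `actions/checkout@v3` while the other jobs in the file use `@v4`. `git diff --exit-code` only reports tracked files, so a README that helm-docs creates for a chart that has none would not fail the check; testing the output of `git status --porcelain` would cover that case.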
@@ -42,4 +42,78 @@ jobs: tags: | ${{ env.REGISTRY }}/${{ env.REPOSITORY }}/redis-operator:${{ env.TAG }} ${{ env.REGISTRY }}/${{ env.REPOSITORY }}/redis-operator:latest - platforms: linux/amd64,linux/arm64 \ No newline at end of file + platforms: linux/amd64,linux/arm64 + +# name: Release container images +# on: +# pull_request: +# types: [closed] +# branches: +# - master + +# env: +# APPLICATION_NAME: redis-operator +# QuayImageName: quay.io/opstree/redis-operator +# APP_VERSION: "v0.15.2" +# DOCKERFILE_PATH: './Dockerfile' + +# jobs: +# release_image: +# if: github.event.pull_request.merged == true +# runs-on: ubuntu-latest +# environment: release-image +# steps: +# - name: Checkout +# uses: actions/checkout@v2 + +# - name: Set up Docker Buildx +# uses: docker/setup-buildx-action@v2 + +# - name: Set up QEMU +# uses: docker/setup-qemu-action@v3 + +# - name: Login to Quay.io +# uses: docker/login-action@v3 +# with: +# registry: quay.io +# username: ${{ secrets.QUAY_USERNAME }} +# password: ${{ secrets.QUAY_PASSWORD }} + +# - name: Build and push multi-arch latest image +# uses: docker/build-push-action@v2 +# with: +# context: . 
+# file: ${{ env.DOCKERFILE_PATH }} +# platforms: linux/amd64,linux/arm64 +# push: true +# tags: ${{ env.QuayImageName }}:${{ env.APP_VERSION }}, ${{ env.QuayImageName }}:latest + +# trivy_scan: +# needs: [release_image] +# runs-on: ubuntu-latest +# steps: +# - name: Checkout +# uses: actions/checkout@v2 +# - name: Run Trivy vulnerability scanner for arm64 image +# uses: aquasecurity/trivy-action@master + +# - name: Run Trivy vulnerability scanner for multi-arch image +# uses: aquasecurity/trivy-action@master +# with: +# image-ref: ${{ env.QuayImageName }}:${{ env.APP_VERSION }} +# format: 'template' +# template: '@/contrib/sarif.tpl' +# output: 'trivy-results-latest.sarif' +# exit-code: '1' +# ignore-unfixed: true +# severity: 'CRITICAL,HIGH' +# - name: Run Trivy vulnerability scanner for latest image +# uses: aquasecurity/trivy-action@master +# with: +# image-ref: ${{ env.QuayImageName }}:latest +# format: 'template' +# template: '@/contrib/sarif.tpl' +# output: 'trivy-results-latest.sarif' +# exit-code: '1' +# ignore-unfixed: true +# severity: 'CRITICAL,HIGH' \ No newline at end of file diff --git a/.github/workflows/release-images.yaml b/.github/workflows/release-images.yaml deleted file mode 100644 index d956d2cb7..000000000 --- a/.github/workflows/release-images.yaml +++ /dev/null 
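Review bot: The roughly seventy added lines are a fully commented-out copy of the deleted `release-images.yaml`, appended to an active workflow file; dead configuration like this is better left to git history, since here it reads as if it belonged to `publish-image.yaml`. If it is kept for reference, a one-line comment above it, such as `# Disabled legacy Quay release workflow, kept for reference only`, would say why it is there. The block's Trivy steps reference `aquasecurity/trivy-action@master`, a moving branch, and its checkout steps use `actions/checkout@v2`, so anyone re-enabling it should pin and update those first. The file still ends without a trailing newline.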
@@ -1,73 +0,0 @@ -# name: Release container images -# on: -# pull_request: -# types: [closed] -# branches: -# - master - -# env: -# APPLICATION_NAME: redis-operator -# QuayImageName: quay.io/opstree/redis-operator -# APP_VERSION: "v0.15.2" -# DOCKERFILE_PATH: './Dockerfile' - -# jobs: -# release_image: -# if: github.event.pull_request.merged == true -# runs-on: ubuntu-latest -# environment: release-image -# steps: -# - name: Checkout -# uses: actions/checkout@v2 - -# - name: Set up Docker Buildx -# uses: docker/setup-buildx-action@v2 - -# - name: Set up QEMU -# uses: docker/setup-qemu-action@v3 - -# - name: Login to Quay.io -# uses: docker/login-action@v3 -# with: -# registry: quay.io -# username: ${{ secrets.QUAY_USERNAME }} -# password: ${{ secrets.QUAY_PASSWORD }} - -# - name: Build and push multi-arch latest image -# uses: docker/build-push-action@v2 -# with: -# context: . -# file: ${{ env.DOCKERFILE_PATH }} -# platforms: linux/amd64,linux/arm64 -# push: true -# tags: ${{ env.QuayImageName }}:${{ env.APP_VERSION }}, ${{ env.QuayImageName }}:latest - -# trivy_scan: -# needs: [release_image] -# runs-on: ubuntu-latest -# steps: -# - name: Checkout -# uses: actions/checkout@v2 -# - name: Run Trivy vulnerability scanner for arm64 image -# uses: aquasecurity/trivy-action@master - -# - name: Run Trivy vulnerability scanner for multi-arch image -# uses: aquasecurity/trivy-action@master -# with: -# image-ref: ${{ env.QuayImageName }}:${{ env.APP_VERSION }} -# format: 'template' -# template: '@/contrib/sarif.tpl' -# output: 'trivy-results-latest.sarif' -# exit-code: '1' -# ignore-unfixed: true -# severity: 'CRITICAL,HIGH' -# - name: Run Trivy vulnerability scanner for latest image -# uses: aquasecurity/trivy-action@master -# with: -# image-ref: ${{ env.QuayImageName }}:latest -# format: 'template' -# template: '@/contrib/sarif.tpl' -# output: 'trivy-results-latest.sarif' -# exit-code: '1' -# ignore-unfixed: true -# severity: 'CRITICAL,HIGH' \ No newline at end of file 
diff --git a/.github/workflows/validate-example.yaml b/.github/workflows/validate-example.yaml deleted file mode 100644 index 40814b31d..000000000 --- a/.github/workflows/validate-example.yaml +++ /dev/null @@ -1,11 +0,0 @@ -name: Validate Examples - -on: - pull_request: - branches: - - master - push: - branches: - - master - -jobs: