Skip to content

Mandatory rpm signature scan task #416

Mandatory rpm signature scan task

Mandatory rpm signature scan task #416

#
# Copyright 2022 The GUAC Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: ci-trustification
on:
workflow_dispatch: # testing only, trigger manually to test it works
push:
branches:
- trustification-*
pull_request:
branches:
- trustification-*
types:
- opened
- synchronize
- reopened
permissions:
contents: read
jobs:
# test-integration:
# runs-on: ubuntu-latest
# name: CI for integration tests
# services:
# neo4j:
# image: neo4j:latest # TODO(mihaimaruseac): Pin to hash
# env:
# NEO4J_AUTH: none
# ports:
# - 7687:7687
# postgres:
# image: postgres:16.0@sha256:f007ec48ff3ef9b75dc473d915a3ea3713167ba015340316f6bcabfa86a7b4a6
# env:
# POSTGRES_USER: guac
# POSTGRES_PASSWORD: guac
# options: >-
# --health-cmd pg_isready
# --health-interval 10s
# --health-timeout 5s
# --health-retries 5
# ports:
# - 5432:5432
# arango:
# image: arangodb:latest@sha256:085b45e8c56d5d4114e409482694d40fc8d1678c6b5d98d774bab31193034d6a
# env:
# ARANGO_ROOT_PASSWORD: test123
# ports:
# - 8529:8529
# steps:
# - name: Checkout code
# uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # tag=v3
# - name: setup-go
# uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # tag=v3.2.1
# with:
# go-version: '1.21'
# - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
# with:
# path: ~/go/pkg/mod
# key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
# - name: Setup the project
# run: go mod download
# - name: Run integration tests
# env:
# ENT_TEST_DATABASE_URL: 'postgresql://guac:guac@localhost/guac?sslmode=disable'
# run: make integration-test
#
test-unit:
runs-on: ubuntu-latest
name: CI for unit tests
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v3
- name: setup-go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # tag=v3.2.1
with:
go-version: '1.21'
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
- name: Install atlas
uses: ariga/setup-atlas@v0
with:
version: "v0.25.0"
- name: Setup the project
run: go mod download
- name: Run tests
run: make test
# static-analysis:
# name: Static Analysis
# runs-on: ubuntu-latest
# steps:
# - name: Checkout code
# uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # tag=v3
# - name: setup-go
# uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # tag=v3.2.1
# with:
# go-version: '1.21'
# - name: Install formatter
# run: go install golang.org/x/tools/cmd/goimports@latest
# - name: Check format
# run: make fmt
# - name: Check that all generated code is up to date
# run: make generated_up_to_date
# lint:
# name: Lint
# runs-on: ubuntu-latest
# steps:
# - name: Checkout code
# uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # tag=v3
# - name: setup-go
# uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # tag=v4.1.0
# with:
# go-version: '1.21'
# - name: golangci-lint
# uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # tag=v3.2.0
# with:
# only-new-issues: true
# - name: Check markdown format
# run: make format
# - name: Check that all linted text is up to date
# run: make generated_up_to_date
build:
runs-on: ubuntu-latest
name: GO generate/build
steps:
- name: Checkout code
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # tag=v3
- name: setup-go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # tag=v3.2.1
with:
go-version: '1.21'
- uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
- name: Setup the project
run: go mod download
- name: Run generate
run: go generate ./...
- name: Run build
run: go build ./...
end-to-end:
name: E2E Trustification
runs-on: ubuntu-latest
services:
postgres:
image: postgres:16.0@sha256:f007ec48ff3ef9b75dc473d915a3ea3713167ba015340316f6bcabfa86a7b4a6
env:
POSTGRES_USER: guac
POSTGRES_PASSWORD: guac
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
with:
go-version: '~1.21'
- uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236
with:
python-version: '3.10'
- run: ./internal/testing/e2e-trustification/e2e
# tilt-ci:
# name: Run 'tilt ci'
# runs-on:
# labels: ubuntu-latest
# timeout-minutes: 30
# steps:
# - name: Install tools
# shell: bash
# run: |
# sudo apt-get install -y git uuid-runtime
#
# # tilt -- https://raw.githubusercontent.com/tilt-dev/tilt/master/scripts/install.sh
# case $(uname -m) in
# aarch64) ARCH=arm64;;
# armv7l) ARCH=arm;;
# *) ARCH=$(uname -m);;
# esac
# VERSION=0.32.0
# curl -fsSL https://github.com/tilt-dev/tilt/releases/download/v$VERSION/tilt.$VERSION.linux.$ARCH.tar.gz | tar -xzvC /usr/local/bin tilt
#
# # helm
# case $(uname -m) in
# aarch64) ARCH=arm64;;
# armv7l) ARCH=arm;;
# x86_64) ARCH=amd64;;
# *) ARCH=$(uname -m);;
# esac
# VERSION=3.12.0
# curl -fsSL https://get.helm.sh/helm-v$VERSION-linux-$ARCH.tar.gz | tar --strip-components=1 -xzvC /usr/local/bin linux-$ARCH/helm
#
# # ctlptl - https://github.com/tilt-dev/ctlptl/blob/main/INSTALL.md
# CTLPTL_VERSION="0.8.19"
# curl -fsSL https://github.com/tilt-dev/ctlptl/releases/download/v$CTLPTL_VERSION/ctlptl.$CTLPTL_VERSION.linux.x86_64.tar.gz | sudo tar -xzv -C /usr/local/bin ctlptl
#
# # kind - https://kind.sigs.k8s.io/docs/user/quick-start/#installing-from-release-binaries
# # For AMD64 / x86_64
# [ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.19.0/kind-linux-amd64
# # For ARM64
# [ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.19.0/kind-linux-arm64
# chmod +x ./kind
# sudo mv ./kind /usr/local/bin/kind
# - name: Install GoReleaser
# uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
# with:
# install-only: true
# - name: Checkout code
# uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # tag=v3
# - name: setup-go
# uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # tag=v3.2.1
# with:
# go-version: '1.21'
# - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
# with:
# path: ~/go/pkg/mod
# key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
# - name: Setup the project
# run: go mod download
# - name: Setup kind cluster
# shell: bash
# run: |
# ctlptl create cluster kind --registry=ctlptl-registry
# - name: Run 'tilt ci'
# shell: bash
# run: |
# tilt ci
# - name: Diag after failure
# if: ${{ failure() }}
# shell: bash
# run: |
# echo "K8S CLUSTER STATUS"
# kubectl get all
#
# echo ""
#
# for pod in $(kubectl get pod | awk '$1 != "NAME" { print $1; }')
# do
# echo ""
# echo "=== DIAG POD ${pod} ==="
# echo ""
# kubectl describe "pod/${pod#pod/}" | sed 's,^, ,'
# done