docker/attest-provider
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7d33fc6e40fcd8cb5afd501fc8d79112ff26c30f
attest-provider/.github/workflows/workflow.yaml

128 lines
4.4 KiB
YAML
Raw Blame History

name: build_test
on:
workflow_dispatch:
push:
paths-ignore:
- "**.md"
branches:
- main
pull_request:
permissions:
contents: read
jobs:
lint:
name: "Lint"
runs-on: ubuntu-latest
timeout-minutes: 5
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
with:
app-id: ${{ vars.DOCKER_READ_APP_ID }}
private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }}
repositories: "attest,attest-provider"
- name: Set up Go 1.22
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: 1.22
- name: Check out code into the Go module directory
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Download dependencies
run: |
export GOPRIVATE="github.com/docker/attest"
git config --global "url.https://x-access-token:${{ steps.app-token.outputs.token }}@github.com.insteadof" "https://github.com"
go mod download
# source: https://github.com/golangci/golangci-lint-action
- name: golangci-lint
uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
with:
version: v1.59
helm_build_test:
name: "[Helm] Build and Test"
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Set up Go 1.22
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: 1.22
- name: Check out code into the Go module directory
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
with:
app-id: ${{ vars.DOCKER_READ_APP_ID }}
private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }}
repositories: "attest,attest-provider"
- name: Bootstrap e2e
env:
KIND_VERSION: 0.23.0
BATS_VERSION: 1.11.0
run: |
mkdir -p $GITHUB_WORKSPACE/bin
echo "${GITHUB_WORKSPACE}/bin" >> $GITHUB_PATH
GOBIN="${GITHUB_WORKSPACE}/bin" go install sigs.k8s.io/kind@v${KIND_VERSION}
curl -sSLO https://github.com/bats-core/bats-core/archive/v${BATS_VERSION}.tar.gz && tar -zxvf v${BATS_VERSION}.tar.gz && bash bats-core-${BATS_VERSION}/install.sh ${GITHUB_WORKSPACE}
- name: Create a kind cluster and install Gatekeeper
env:
GATEKEEPER_VERSION: 3.16.3
KUBERNETES_VERSION: 1.26.0
run: |
kind create cluster --image kindest/node:v${KUBERNETES_VERSION} --name gatekeeper
helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
helm install gatekeeper/gatekeeper \
--version ${GATEKEEPER_VERSION} \
--set validatingWebhookTimeoutSeconds=15 \
--set enableExternalData=true \
--name-template=gatekeeper \
--namespace security \
--create-namespace \
--debug
- name: Build and install attest-provider
run: |
./scripts/generate-tls-cert.sh
export GITHUB_TOKEN=${{ steps.app-token.outputs.token }}
make docker-buildx kind-load-image
helm install attest-provider charts/attest-provider \
--set provider.tls.caBundle="$(cat certs/ca.crt | base64 | tr -d '\n\r')" \
--set image="docker/attest-provider:dev" \
--set tufRoot=staging \
--set tufMetadataSource=https://docker.github.io/tuf-staging/metadata \
--set tufTargetsSource=https://docker.github.io/tuf-staging/targets \
--namespace security \
--wait --debug
- name: Run e2e
run: |
export GATEKEEPER_NAMESPACE=security
bats -t test/bats/test.bats
Reference in New Issue View Git Blame Copy Permalink