docker/attest-provider
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
84a7b26e2cf8f3116d9fd4e20a3b81e75569868a
attest-provider/.github/workflows/workflow.yaml
mrjoelkamp 84a7b26e2c feat: add production tuf root
2024-07-10 10:06:59 -05:00

128 lines
4.4 KiB
YAML
Raw Blame History

name: build_test
on:
workflow_dispatch:
push:
paths-ignore:
- "**.md"
branches:
- main
pull_request:
permissions:
contents: read
jobs:
lint:
name: "Lint"
runs-on: ubuntu-latest
timeout-minutes: 5
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
with:
app-id: ${{ vars.DOCKER_READ_APP_ID }}
private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }}
repositories: "attest,attest-provider"
- name: Set up Go 1.22
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: 1.22
- name: Check out code into the Go module directory
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Download dependencies
run: |
export GOPRIVATE="github.com/docker/attest"
git config --global "url.https://x-access-token:${{ steps.app-token.outputs.token }}@github.com.insteadof" "https://github.com"
go mod download
# source: https://github.com/golangci/golangci-lint-action
- name: golangci-lint
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
with:
version: v1.59
helm_build_test:
name: "[Helm] Build and Test"
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: Set up Go 1.22
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: 1.22
- name: Check out code into the Go module directory
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
with:
app-id: ${{ vars.DOCKER_READ_APP_ID }}
private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }}
repositories: "attest,attest-provider"
- name: Bootstrap e2e
env:
KIND_VERSION: 0.23.0
BATS_VERSION: 1.11.0
run: |
mkdir -p $GITHUB_WORKSPACE/bin
echo "${GITHUB_WORKSPACE}/bin" >> $GITHUB_PATH
GOBIN="${GITHUB_WORKSPACE}/bin" go install sigs.k8s.io/kind@v${KIND_VERSION}
curl -sSLO https://github.com/bats-core/bats-core/archive/v${BATS_VERSION}.tar.gz && tar -zxvf v${BATS_VERSION}.tar.gz && bash bats-core-${BATS_VERSION}/install.sh ${GITHUB_WORKSPACE}
- name: Create a kind cluster and install Gatekeeper
env:
GATEKEEPER_VERSION: 3.16.3
KUBERNETES_VERSION: 1.26.0
run: |
kind create cluster --image kindest/node:v${KUBERNETES_VERSION} --name gatekeeper
helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
helm install gatekeeper/gatekeeper \
--version ${GATEKEEPER_VERSION} \
--set validatingWebhookTimeoutSeconds=15 \
--set enableExternalData=true \
--name-template=gatekeeper \
--namespace security \
--create-namespace \
--debug
- name: Build and install attest-provider
run: |
./scripts/generate-tls-cert.sh
export GITHUB_TOKEN=${{ steps.app-token.outputs.token }}
make docker-buildx kind-load-image
helm install attest-provider charts/attest-provider \
--set provider.tls.caBundle="$(cat certs/ca.crt | base64 | tr -d '\n\r')" \
--set image="docker/attest-provider:dev" \
--set tufRoot=staging \
--set tufMetadataSource=https://docker.github.io/tuf-staging/metadata \
--set tufTargetsSource=https://docker.github.io/tuf-staging/targets \
--namespace security \
--wait --debug
- name: Run e2e
run: |
export GATEKEEPER_NAMESPACE=security
bats -t test/bats/test.bats
Reference in New Issue View Git Blame Copy Permalink