ci-test.yml

name: CI-TEST
on:
  push:
    branches: [main]
  pull_request:
  workflow_dispatch:
permissions:
  contents: read
jobs:
  ci-test:
    permissions:
      contents: read
      statuses: write
    runs-on: ubuntu-latest
    strategy:
      matrix:
        k8sVersion: ["1.25.x", "1.26.x", "1.27.x", "1.28.x", "1.29.x", "1.30.x", "1.31.x"]
    env:
      K8S_VERSION: ${{ matrix.k8sVersion }}
    steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
      with:
        disable-telemetry: true
        egress-policy: block
        allowed-endpoints: > # dl.k8s.io is for 1.25 CI only
          *.dl.k8s.io:443
          api.github.com:443
          dl.k8s.io:443
          coveralls.io:443
          github.com:443
          objects.githubusercontent.com:443
          proxy.golang.org:443
          raw.githubusercontent.com:443
          storage.googleapis.com:443
          sum.golang.org:443

    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
    - uses: ./.github/actions/install-deps
      with:
        k8sVersion: ${{ matrix.k8sVersion }}
    - run: K8S_VERSION=${{ matrix.k8sVersion }} make ci-test
    - name: Send coverage
      # should only send coverage once https://docs.coveralls.io/parallel-builds
      if: matrix.k8sVersion == '1.27.x'
      env:
        COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: goveralls -coverprofile=coverage.out -service=github