Skip to content

Adds FSGroup to EEC podSecurityContext #14691

Adds FSGroup to EEC podSecurityContext

Adds FSGroup to EEC podSecurityContext #14691

Workflow file for this run

name: CI
on:
push:
branches:
- main
- release-*
pull_request:
branches:
- "*"
permissions:
contents: read
env:
DOCKER_REGISTRY: "quay.io"
DOCKER_REPOSITORY: "dynatrace/dynatrace-operator"
jobs:
helm-test:
name: Run helm unit tests
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run Unit tests
id: helm-unittest
run: |
make test/helm/unit
helm-lint:
name: Run helm linting
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run Linting
id: helm-linting
run: |
make test/helm/lint
tests:
name: Run unit tests
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Golang
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: "${{ github.workspace }}/go.mod"
- name: Download dependencies
id: depdownload
run: |
hack/build/ci/install-cgo-dependencies.sh
- name: Run unit tests and integration tests
id: unittest
run: |
make go/test
make go/integration_test
- name: Check test coverage
id: check-code-coverage
run: |
make go/check-coverage
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7
with:
fail_ci_if_error: true
verbose: true
files: ./coverage.txt
flags: unittests # optional
name: codecov-umbrella # optional
token: ${{ secrets.CODECOV_TOKEN }}
linting:
name: Run linting
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: "${{ github.workspace }}/go.mod"
- name: Download dependencies
id: depdownload
run: |
hack/build/ci/install-cgo-dependencies.sh
- name: Run golangci-lint
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
# renovate depName=github.com/golangci/golangci-lint
version: v1.62.0
args: --build-tags e2e --timeout 300s --out-${NO_FUTURE}format colored-line-number
- name: Run deadcode
id: deadcode
run: |
make go/deadcode
generated-files:
name: Check generated files
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: "${{ github.workspace }}/go.mod"
- name: Check deepcopy files
id: deepcopy
run: |
make manifests/deepcopy
git diff --exit-code
security:
name: Code security scanning alerts
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/golang@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
env:
SNYK_TOKEN: ${{ secrets.SNYK_API_TOKEN }}
with:
args: --severity-threshold=high
markdown-lint:
name: Lint markdown files
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Lint markdown files
uses: articulate/actions-markdownlint@87f495d21507d6844dc917a01e742eaaa45049c0 # v1.1.0
with:
config: .markdownlint.json
# renovate depName=github.com/igorshubovych/markdownlint-cli
version: v0.42.0
check-uncommitted-doc-changes:
name: Check uncommitted changes in api docs action
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: "${{ github.workspace }}/go.mod"
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
- name: Run make doc to see uncommitted changes
run: make doc
- name: Check for uncommitted changes
id: check-changes
uses: mskri/check-uncommitted-changes-action@2b152539dd033c3a26e0dd1d8b9a0c8e4d3a8a19 # v1.0.1
- name: Evaluate if there are changes
if: steps.check-changes.outputs.outcome == failure()
run: echo "There are uncommitted changes"
prepare:
name: Prepare properties
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Prepare build parameters
id: prep
run: |
hack/build/ci/prepare-build-variables.sh
- name: Docker metadata
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
id: meta
with:
images: dynatrace/dynatrace-operator
tags: ${{ steps.prep.outputs.docker_image_tag }}
labels: |
${{ steps.prep.outputs.docker_image_labels }}
vcs-ref=${{ github.sha }}
- name: Prepare build parameters
id: prepenv
run: |
# Set output parameters.
# Reason: global envs do not work in workflow calls
# More info: https://github.com/actions/runner/issues/480#issuecomment-1021278915
echo "registry=${{ env.DOCKER_REGISTRY }}" >> "$GITHUB_OUTPUT"
echo "repository=${{ env.DOCKER_REPOSITORY }}" >> "$GITHUB_OUTPUT"
outputs:
labels: ${{ steps.meta.outputs.labels }}
version: ${{ steps.prep.outputs.docker_image_tag }}
registry: ${{ steps.prepenv.outputs.registry }}
repository: ${{ steps.prepenv.outputs.repository }}
build:
name: Build images
runs-on: ubuntu-latest
needs: [prepare, tests, linting, generated-files]
strategy:
matrix:
platform: [amd64, arm64, ppc64le, s390x]
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Build image
if: matrix.platform == 'amd64' || github.ref_protected
uses: ./.github/actions/build-image
with:
platform: ${{ matrix.platform }}
labels: ${{ needs.prepare.outputs.labels }}
image-tag: ${{ needs.prepare.outputs.version }}
push:
name: Push images
runs-on: ubuntu-latest
needs: [prepare, build]
strategy:
matrix:
platform: [amd64, arm64, ppc64le, s390x]
if: ${{ !github.event.pull_request.head.repo.fork }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Login to Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
- name: Upload Image
if: matrix.platform == 'amd64' || github.ref_protected
uses: ./.github/actions/upload-image
with:
platform: ${{ matrix.platform }}
labels: ${{ needs.prepare.outputs.labels }}
version: ${{ needs.prepare.outputs.version }}
registry: ${{ needs.prepare.outputs.registry }}
repository: ${{ needs.prepare.outputs.repository }}
manifest:
name: Create manifest
needs: [prepare, push]
runs-on: ubuntu-latest
env:
COMBINED: ${{ github.ref_protected }}
if: ${{ !github.event.pull_request.head.repo.fork }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Login to Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
- name: Create Manifests
uses: ./.github/actions/create-manifests
with:
version: ${{ needs.prepare.outputs.version }}
registry: ${{ needs.prepare.outputs.registry }}
repository: ${{ needs.prepare.outputs.repository }}
combined: ${{ env.COMBINED }}