Merge pull request #655 from viccuad/deterministic-inventory #567
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
- push | |
- pull_request | |
- workflow_call | |
name: Continuous integration | |
# Declare default permissions as read only. | |
permissions: read-all | |
env: | |
CARGO_TERM_COLOR: always | |
jobs: | |
check: | |
name: Cargo check | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 | |
with: | |
profile: minimal | |
toolchain: stable | |
override: true | |
- uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 | |
with: | |
command: check | |
version-check: | |
name: Check Cargo.toml version | |
if: github.ref_type == 'tag' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download source code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Check cargo file version | |
run: | | |
CARGO_VERSION=$(sed -n 's,^version = \"\(.*\)\",\1,p' Cargo.toml) | |
TAG_VERSION=$(echo ${{ github.ref_name }} | sed 's/v//') | |
if [ "$CARGO_VERSION" != "$TAG_VERSION" ];then | |
echo "::error title=Invalid Cargo.toml version::Cargo.toml version does not match the tag version" | |
exit 1 | |
fi | |
test: | |
name: Unit tests | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 | |
with: | |
profile: minimal | |
toolchain: stable | |
override: true | |
- uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 | |
with: | |
command: test | |
args: --workspace --bins | |
e2e-tests: | |
name: E2E tests | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0 | |
- name: run e2e tests | |
run: make e2e-tests | |
fmt: | |
name: Rustfmt | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 | |
with: | |
profile: minimal | |
toolchain: stable | |
override: true | |
- run: rustup component add rustfmt | |
- uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 | |
with: | |
command: fmt | |
args: --all -- --check | |
clippy: | |
name: Clippy | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 | |
with: | |
profile: minimal | |
toolchain: stable | |
override: true | |
- run: rustup component add clippy | |
- uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 | |
with: | |
command: clippy | |
args: -- -D warnings | |
shellcheck: | |
name: Shellcheck | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- run: shellcheck $(find scripts/ -name '*.sh') | |
airgap-e2e-test: | |
name: Airgap E2E test | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Run registry | |
run: | | |
export CONTAINER_ID=$(docker run -d -p 5000:5000 --name registry registry:2) | |
echo "CONTAINER_ID=${CONTAINER_ID}" >> $GITHUB_ENV | |
- name: Install kwctl | |
run: cargo install --path . | |
- name: Save policies | |
run: ./scripts/kubewarden-save-policies.sh --policies-list tests/data/airgap/policies.txt --policies policies.tar.gz | |
- name: Remove policies from store | |
run: | | |
kwctl rm registry://ghcr.io/kubewarden/tests/pod-privileged:v0.1.9 | |
kwctl rm https://github.com/kubewarden/pod-privileged-policy/releases/download/v0.1.6/policy.wasm | |
- name: Load policies | |
run: | | |
./scripts/kubewarden-load-policies.sh \ | |
--policies policies.tar.gz \ | |
--policies-list tests/data/airgap/policies.txt \ | |
--registry localhost:5000 \ | |
--sources-path tests/data/airgap/insecure.yml | |
- name: Verify policies in local registry | |
run: | | |
kwctl pull registry://localhost:5000/kubewarden/tests/pod-privileged:v0.1.9 \ | |
--sources-path tests/data/airgap/insecure.yml | |
kwctl pull registry://localhost:5000/kubewarden/pod-privileged-policy/releases/download/v0.1.6/policy.wasm \ | |
--sources-path tests/data/airgap/insecure.yml | |
- name: Clean up - delete registry | |
if: always() | |
run: | | |
docker rm -f ${{ env.CONTAINER_ID }} |