Skip to content

Merge pull request #658 from kubewarden/renovate/lock-file-maintenance #576

Merge pull request #658 from kubewarden/renovate/lock-file-maintenance

Merge pull request #658 from kubewarden/renovate/lock-file-maintenance #576

Workflow file for this run

on:
- push
- pull_request
- workflow_call
name: Continuous integration
# Declare default permissions as read only.
permissions: read-all
env:
CARGO_TERM_COLOR: always
jobs:
check:
name: Cargo check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
profile: minimal
toolchain: stable
override: true
- uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with:
command: check
version-check:
name: Check Cargo.toml version
if: github.ref_type == 'tag'
runs-on: ubuntu-latest
steps:
- name: Download source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Check cargo file version
run: |
CARGO_VERSION=$(sed -n 's,^version = \"\(.*\)\",\1,p' Cargo.toml)
TAG_VERSION=$(echo ${{ github.ref_name }} | sed 's/v//')
if [ "$CARGO_VERSION" != "$TAG_VERSION" ];then
echo "::error title=Invalid Cargo.toml version::Cargo.toml version does not match the tag version"
exit 1
fi
test:
name: Unit tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
profile: minimal
toolchain: stable
override: true
- uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with:
command: test
args: --workspace --bins
e2e-tests:
name: E2E tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
- name: run e2e tests
run: make e2e-tests
fmt:
name: Rustfmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
profile: minimal
toolchain: stable
override: true
- run: rustup component add rustfmt
- uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with:
command: fmt
args: --all -- --check
clippy:
name: Clippy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
profile: minimal
toolchain: stable
override: true
- run: rustup component add clippy
- uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with:
command: clippy
args: -- -D warnings
shellcheck:
name: Shellcheck
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- run: shellcheck $(find scripts/ -name '*.sh')
airgap-e2e-test:
name: Airgap E2E test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Run registry
run: |
export CONTAINER_ID=$(docker run -d -p 5000:5000 --name registry registry:2)
echo "CONTAINER_ID=${CONTAINER_ID}" >> $GITHUB_ENV
- name: Install kwctl
run: cargo install --path .
- name: Save policies
run: ./scripts/kubewarden-save-policies.sh --policies-list tests/data/airgap/policies.txt --policies policies.tar.gz
- name: Remove policies from store
run: |
kwctl rm registry://ghcr.io/kubewarden/tests/pod-privileged:v0.1.9
kwctl rm https://github.com/kubewarden/pod-privileged-policy/releases/download/v0.1.6/policy.wasm
- name: Load policies
run: |
./scripts/kubewarden-load-policies.sh \
--policies policies.tar.gz \
--policies-list tests/data/airgap/policies.txt \
--registry localhost:5000 \
--sources-path tests/data/airgap/insecure.yml
- name: Verify policies in local registry
run: |
kwctl pull registry://localhost:5000/kubewarden/tests/pod-privileged:v0.1.9 \
--sources-path tests/data/airgap/insecure.yml
kwctl pull registry://localhost:5000/kubewarden/pod-privileged-policy/releases/download/v0.1.6/policy.wasm \
--sources-path tests/data/airgap/insecure.yml
- name: Clean up - delete registry
if: always()
run: |
docker rm -f ${{ env.CONTAINER_ID }}