ondat · mhmxs · Feb 14, 2023 · Mar 14, 2023 · Mar 16, 2023 · Mar 16, 2023
diff --git a/.dockerignore b/.dockerignore
@@ -1,4 +1,7 @@
 # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
 # Ignore build and test binaries.
+.git/
+.github/
+.husky/
 bin/
 testbin/
diff --git a/.earthlyignore b/.earthlyignore
@@ -0,0 +1,6 @@
+.git/
+.github/
+.husky/
+.vscode/
+bin/
+kind-logs-*
diff --git a/.github/workflows/_docker-build.yml b/.github/workflows/_docker-build.yml
diff --git a/.github/workflows/_gocilint.yml b/.github/workflows/_gocilint.yml
diff --git a/.github/workflows/_gosecscan.yml b/.github/workflows/_gosecscan.yml
diff --git a/.github/workflows/_kuttl.yml b/.github/workflows/_kuttl.yml
diff --git a/.github/workflows/_test.yml b/.github/workflows/_test.yml
diff --git a/.github/workflows/_trivy.yml b/.github/workflows/_trivy.yml
diff --git a/.github/workflows/e2e-on-pr.yaml b/.github/workflows/e2e-on-pr.yaml
@@ -0,0 +1,80 @@
+# in test don't use yet
+
+name: end-2-end build
+
+on:
+  pull_request:
+    branches: [ main ]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pull-requests: read
+  actions: read
+  security-events: write
+  packages: write
+
+concurrency:
+  group: ci-e2e-${{ github.ref }}-1
+  cancel-in-progress: true
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+  IMAGE_TAG: ${{ github.sha }}
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      packages: write
+    steps:
+    - name: harden runner
+      uses: step-security/harden-runner@9b0655f430fba8c7001d4e38f8d4306db5c6e0ab
+      with:
+        egress-policy: audit
+    - name: checkout repository
+      uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
+    - name: log in to ghrc.io 
+      uses: docker/login-action@1edf6180e07d2ffb423fc48a1a552855c0a1f508
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - name: restore cache Earthly build
+      uses: actions/cache/restore@v3
+      with:
+        path: /var/lib/docker/volumes/earthly-cache/
+        key: earthly-cache
+    - name: run golangci-lint
+      run: make lint
+    - name: run gosec scan
+      run: make gosec
+    - name: run test
+      run: make test
+    - name: run image scan
+      run: make scan-image
+    - name: generate bundle manifest
+      run: make bundle
+    - name: run e2e test
+      run: make e2e-test
+    - name: upload Kind logs
+      uses: actions/upload-artifact@v3
+      if: always()
+      with:
+        name: kind-logs
+        path: kind-logs-*
+    - name: upload Trivy scan results to GitHub Security tab
+      if: always()
+      uses: github/codeql-action/upload-sarif@1fc1008278d05ba9455caf083444e6c5a1a3cfd8
+      with:
+        sarif_file: 'trivy-results.sarif'
+    - name: set owner of earthly cache
+      if: always()
+      run: sudo chown -R $(whoami) /var/lib/docker/volumes/earthly-cache
+    - name: save cache Earthly build
+      if: always()
+      uses: actions/cache/save@v3
+      with:
+        path: /var/lib/docker/volumes/earthly-cache/
+        key: earthly-cache
diff --git a/.github/workflows/e2e-on-pr.yml b/.github/workflows/e2e-on-pr.yml
diff --git a/.github/workflows/go-lint-scan-pull_request.yaml b/.github/workflows/go-lint-scan-pull_request.yaml
diff --git a/.github/workflows/gosec-scanner-on-pull_request.yaml b/.github/workflows/gosec-scanner-on-pull_request.yaml