diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index e812062f329..48ad7cd3ce8 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -17,33 +17,36 @@ permissions: contents: read jobs: - lint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - - uses: ./tools/github-actions/setup-deps - # Generate the installation manifests first, so it can check - # for errors while running `make -k lint` - - run: IMAGE_PULL_POLICY=Always make generate-manifests - - run: make lint-deps - - run: make -k lint - - gen-check: - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - - uses: ./tools/github-actions/setup-deps - - run: make -k gen-check - - license-check: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - - uses: ./tools/github-actions/setup-deps - - run: make -k licensecheck + # lint: + # runs-on: ubuntu-latest + # steps: + # - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + # - uses: ./tools/github-actions/setup-deps + # # Generate the installation manifests first, so it can check + # # for errors while running `make -k lint` + # - run: IMAGE_PULL_POLICY=Always make generate-manifests + # - run: make lint-deps + # - run: make -k lint + + # gen-check: + # runs-on: ubuntu-22.04 + # steps: + # - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + # - uses: ./tools/github-actions/setup-deps + # - run: make -k gen-check + + # license-check: + # runs-on: ubuntu-latest + # steps: + # - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + # - uses: ./tools/github-actions/setup-deps + # - run: make -k licensecheck coverage-test: runs-on: ubuntu-latest + permissions: + contents: read # This is required for actions/checkout + id-token: write # This is required for fetching OIDC token steps: - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - uses: ./tools/github-actions/setup-deps @@ -52,127 +55,128 @@ jobs: - name: Run Coverage Tests run: make go.test.coverage - name: Upload coverage to Codecov - uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5 + uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # v4.4.0 with: - fail_ci_if_error: false + fail_ci_if_error: true files: ./coverage.xml name: codecov-envoy-gateway verbose: true - - build: - runs-on: ubuntu-latest - needs: [lint, gen-check, license-check, coverage-test] - steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - - uses: ./tools/github-actions/setup-deps - - - name: Build EG Multiarch Binaries - run: make build-multiarch PLATFORMS="linux_amd64 linux_arm64" - - - name: Upload EG Binaries - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - with: - name: envoy-gateway - path: bin/ - - conformance-test: - runs-on: ubuntu-latest - needs: [build] - strategy: - matrix: - version: [ v1.26.14, v1.27.11, v1.28.7, v1.29.2 ] - steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - - uses: ./tools/github-actions/setup-deps - - - name: Download EG Binaries - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 - with: - name: envoy-gateway - path: bin/ - - - name: Give Privileges To EG Binaries - run: | - chmod +x bin/linux/amd64/envoy-gateway - chmod +x bin/linux/arm64/envoy-gateway - - # conformance - - name: Run Standard Conformance Tests - env: - KIND_NODE_TAG: ${{ matrix.version }} - IMAGE_PULL_POLICY: IfNotPresent - run: make conformance - - e2e-test: - runs-on: ubuntu-latest - needs: [build] - strategy: - matrix: - version: [ v1.26.14, v1.27.11, v1.28.7, v1.29.2 ] - steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - - uses: ./tools/github-actions/setup-deps - - - name: Download EG Binaries - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 - with: - name: envoy-gateway - path: bin/ - - - name: Give Privileges To EG Binaries - run: | - chmod +x bin/linux/amd64/envoy-gateway - chmod +x bin/linux/arm64/envoy-gateway - - # E2E - - name: Run E2E Tests - env: - KIND_NODE_TAG: ${{ matrix.version }} - IMAGE_PULL_POLICY: IfNotPresent - run: make e2e - - publish: - runs-on: ubuntu-latest - needs: [conformance-test, e2e-test] - steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - - uses: ./tools/github-actions/setup-deps - - - name: Download EG Binaries - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 - with: - name: envoy-gateway - path: bin/ - - - name: Give Privileges To EG Binaries - run: | - chmod +x bin/linux/amd64/envoy-gateway - chmod +x bin/linux/arm64/envoy-gateway - - # build and push image - - name: Login to DockerHub - if: github.event_name == 'push' - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} - - - name: Setup Multiarch Environment - if: github.event_name == 'push' - run: make image.multiarch.setup - - - name: Build and Push EG Commit Image - if: github.event_name == 'push' - # tag is set to the short SHA of the commit - run: make image.push.multiarch PLATFORMS="linux_amd64 linux_arm64" IMAGE=envoyproxy/gateway-dev - - - name: Build and Push EG Latest Image - if: github.event_name == 'push' && github.ref == 'refs/heads/main' - # tag is set to `latest` when pushing to main branch - run: make image.push.multiarch TAG=latest PLATFORMS="linux_amd64 linux_arm64" IMAGE=envoyproxy/gateway-dev - - - name: Build and Push EG Latest Helm Chart - if: github.event_name == 'push' && github.ref == 'refs/heads/main' - # use `0.0.0` as the default latest version. - # use `Always` image pull policy for latest version. - run: IMAGE_PULL_POLICY=Always OCI_REGISTRY=oci://docker.io/envoyproxy CHART_VERSION=v0.0.0-latest TAG=latest make helm-package helm-push + use_oidc: true + + # build: + # runs-on: ubuntu-latest + # needs: [lint, gen-check, license-check, coverage-test] + # steps: + # - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + # - uses: ./tools/github-actions/setup-deps + + # - name: Build EG Multiarch Binaries + # run: make build-multiarch PLATFORMS="linux_amd64 linux_arm64" + + # - name: Upload EG Binaries + # uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + # with: + # name: envoy-gateway + # path: bin/ + + # conformance-test: + # runs-on: ubuntu-latest + # needs: [build] + # strategy: + # matrix: + # version: [ v1.26.14, v1.27.11, v1.28.7, v1.29.2 ] + # steps: + # - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + # - uses: ./tools/github-actions/setup-deps + + # - name: Download EG Binaries + # uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + # with: + # name: envoy-gateway + # path: bin/ + + # - name: Give Privileges To EG Binaries + # run: | + # chmod +x bin/linux/amd64/envoy-gateway + # chmod +x bin/linux/arm64/envoy-gateway + + # # conformance + # - name: Run Standard Conformance Tests + # env: + # KIND_NODE_TAG: ${{ matrix.version }} + # IMAGE_PULL_POLICY: IfNotPresent + # run: make conformance + + # e2e-test: + # runs-on: ubuntu-latest + # needs: [build] + # strategy: + # matrix: + # version: [ v1.26.14, v1.27.11, v1.28.7, v1.29.2 ] + # steps: + # - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + # - uses: ./tools/github-actions/setup-deps + + # - name: Download EG Binaries + # uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + # with: + # name: envoy-gateway + # path: bin/ + + # - name: Give Privileges To EG Binaries + # run: | + # chmod +x bin/linux/amd64/envoy-gateway + # chmod +x bin/linux/arm64/envoy-gateway + + # # E2E + # - name: Run E2E Tests + # env: + # KIND_NODE_TAG: ${{ matrix.version }} + # IMAGE_PULL_POLICY: IfNotPresent + # run: make e2e + + # publish: + # runs-on: ubuntu-latest + # needs: [conformance-test, e2e-test] + # steps: + # - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + # - uses: ./tools/github-actions/setup-deps + + # - name: Download EG Binaries + # uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + # with: + # name: envoy-gateway + # path: bin/ + + # - name: Give Privileges To EG Binaries + # run: | + # chmod +x bin/linux/amd64/envoy-gateway + # chmod +x bin/linux/arm64/envoy-gateway + + # # build and push image + # - name: Login to DockerHub + # if: github.event_name == 'push' + # uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + # with: + # username: ${{ secrets.DOCKERHUB_USERNAME }} + # password: ${{ secrets.DOCKERHUB_PASSWORD }} + + # - name: Setup Multiarch Environment + # if: github.event_name == 'push' + # run: make image.multiarch.setup + + # - name: Build and Push EG Commit Image + # if: github.event_name == 'push' + # # tag is set to the short SHA of the commit + # run: make image.push.multiarch PLATFORMS="linux_amd64 linux_arm64" IMAGE=envoyproxy/gateway-dev + + # - name: Build and Push EG Latest Image + # if: github.event_name == 'push' && github.ref == 'refs/heads/main' + # # tag is set to `latest` when pushing to main branch + # run: make image.push.multiarch TAG=latest PLATFORMS="linux_amd64 linux_arm64" IMAGE=envoyproxy/gateway-dev + + # - name: Build and Push EG Latest Helm Chart + # if: github.event_name == 'push' && github.ref == 'refs/heads/main' + # # use `0.0.0` as the default latest version. + # # use `Always` image pull policy for latest version. + # run: IMAGE_PULL_POLICY=Always OCI_REGISTRY=oci://docker.io/envoyproxy CHART_VERSION=v0.0.0-latest TAG=latest make helm-package helm-push diff --git a/README.md b/README.md index 25fa9af8d94..bac1a11f41b 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,6 @@ # Envoy Gateway + [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/envoyproxy/gateway/badge)](https://securityscorecards.dev/viewer/?uri=github.com/envoyproxy/gateway) [![Build and Test](https://github.com/envoyproxy/gateway/actions/workflows/build_and_test.yaml/badge.svg)](https://github.com/envoyproxy/gateway/actions/workflows/build_and_test.yaml) [![codecov](https://codecov.io/gh/envoyproxy/gateway/branch/main/graph/badge.svg)](https://codecov.io/gh/envoyproxy/gateway) diff --git a/charts/gateway-helm/README.md b/charts/gateway-helm/README.md index c2d5f63fe04..4f8d713b3b3 100644 --- a/charts/gateway-helm/README.md +++ b/charts/gateway-helm/README.md @@ -1,5 +1,6 @@ # gateway-helm + ![Version: v0.0.0-latest](https://img.shields.io/badge/Version-v0.0.0--latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square) The Helm chart for Envoy Gateway