chore: Change CODEOWNERS #38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: External Secrets Workable CI | |
| on: | |
| push: | |
| tags: | |
| - workable-* | |
| pull_request: | |
| branches: | |
| - workable-* | |
| env: | |
| # Common versions | |
| GOLANGCI_VERSION: "v1.60.1" | |
| KUBERNETES_VERSION: "1.31.x" | |
| permissions: | |
| contents: read | |
| jobs: | |
| detect-noop: | |
| permissions: | |
| actions: write # for fkirc/skip-duplicate-actions to skip or stop workflow runs | |
| contents: read # for fkirc/skip-duplicate-actions to read and compare commits | |
| runs-on: ubuntu-latest | |
| outputs: | |
| noop: ${{ steps.noop.outputs.should_skip }} | |
| steps: | |
| - name: Detect No-op Changes | |
| id: noop | |
| uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| paths_ignore: '["**.md", "**.png", "**.jpg"]' | |
| do_not_skip: '["workflow_dispatch", "schedule", "push"]' | |
| concurrent_skipping: false | |
| lint: | |
| permissions: | |
| contents: read # for actions/checkout to fetch code | |
| pull-requests: read # for golangci/golangci-lint-action to fetch pull requests | |
| runs-on: ubuntu-latest | |
| needs: detect-noop | |
| if: needs.detect-noop.outputs.noop != 'true' && github.ref != 'refs/heads/main' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup Go | |
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
| id: setup-go | |
| with: | |
| go-version-file: "go.mod" | |
| - name: Download Go modules | |
| if: ${{ steps.setup-go.outputs.cache-hit != 'true' }} | |
| run: go mod download | |
| - name: Lint | |
| uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 | |
| with: | |
| version: ${{ env.GOLANGCI_VERSION }} | |
| skip-pkg-cache: true | |
| skip-build-cache: true | |
| check-diff: | |
| runs-on: ubuntu-latest | |
| needs: detect-noop | |
| if: needs.detect-noop.outputs.noop != 'true' && github.ref != 'refs/heads/main' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup Go | |
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
| id: setup-go | |
| with: | |
| go-version-file: "go.mod" | |
| - name: Download Go modules | |
| if: ${{ steps.setup-go.outputs.cache-hit != 'true' }} | |
| run: go mod download | |
| - name: Configure Git | |
| run: | | |
| git config user.name "$GITHUB_ACTOR" | |
| git config user.email "$GITHUB_ACTOR@users.noreply.github.com" | |
| - name: Check Diff | |
| run: | | |
| make check-diff | |
| unit-tests: | |
| runs-on: ubuntu-latest | |
| needs: detect-noop | |
| if: needs.detect-noop.outputs.noop != 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Fetch History | |
| run: git fetch --prune --unshallow | |
| - name: Setup Go | |
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
| id: setup-go | |
| with: | |
| go-version-file: "go.mod" | |
| - name: Download Go modules | |
| if: ${{ steps.setup-go.outputs.cache-hit != 'true' }} | |
| run: go mod download | |
| - name: Cache envtest binaries | |
| uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
| with: | |
| path: bin/k8s | |
| key: ${{ runner.os }}-envtest-${{env.KUBERNETES_VERSION}} | |
| - name: Run Unit Tests | |
| run: | | |
| make test | |
| - name: Publish Unit Test Coverage | |
| if: false | |
| uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| with: | |
| flags: unittests | |
| file: ./cover.out | |
| publish-artifacts: | |
| needs: [lint, check-diff, unit-tests] | |
| if: ${{ needs.detect-noop.outputs.noop != 'true' && startsWith(github.ref, 'refs/tags/workable-') }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| runs-on: ubuntu-latest | |
| environment: Workable | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Get image tag | |
| id: container-info | |
| run: | | |
| echo "image-tag=${GITHUB_REF#refs/tags/workable-}" >> $GITHUB_OUTPUT | |
| - name: Build image | |
| uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.1 | |
| with: | |
| context: . | |
| file: Dockerfile.standalone | |
| push: false | |
| tags: Workable/external-secrets:${{ steps.container-info.outputs.image-tag }} | |
| provenance: false | |
| # DISTRIBUTION OF SRE IMAGE | |
| - name: Login to sre registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: us-docker.pkg.dev | |
| username: _json_key | |
| password: ${{ secrets.SRE_GCR_SA }} | |
| - name: Push image to sre registry | |
| env: | |
| REGISTRY: us-docker.pkg.dev/sre-artifacts-20e4/gcr.io | |
| run: | | |
| docker tag Workable/external-secrets:${{ steps.container-info.outputs.image-tag }} \ | |
| ${{ env.REGISTRY }}/external-secrets:${{ steps.container-info.outputs.image-tag }} | |
| docker push ${{ env.REGISTRY }}/external-secrets:${{ steps.container-info.outputs.image-tag }} | |
| # DISTRIBUTION OF STAGING IMAGE | |
| - name: Login to staging registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: us-docker.pkg.dev | |
| username: _json_key | |
| password: ${{ secrets.STAGING_GCR_SA }} | |
| - name: Push image to staging registry | |
| env: | |
| REGISTRY: us-docker.pkg.dev/staging-artifacts-786a/gcr.io | |
| run: | | |
| docker tag Workable/external-secrets:${{ steps.container-info.outputs.image-tag }} \ | |
| ${{ env.REGISTRY }}/external-secrets:${{ steps.container-info.outputs.image-tag }} | |
| docker push ${{ env.REGISTRY }}/external-secrets:${{ steps.container-info.outputs.image-tag }} | |
| # DISTRIBUTION OF PRODUCTION IMAGE | |
| - name: Login to production registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: us-docker.pkg.dev | |
| username: _json_key | |
| password: ${{ secrets.PRODUCTION_GCR_SA }} | |
| - name: Push image to production registry | |
| env: | |
| REGISTRY: us-docker.pkg.dev/production-artifacts-0b0d/gcr.io | |
| run: | | |
| docker tag Workable/external-secrets:${{ steps.container-info.outputs.image-tag }} \ | |
| ${{ env.REGISTRY }}/external-secrets:${{ steps.container-info.outputs.image-tag }} | |
| docker push ${{ env.REGISTRY }}/external-secrets:${{ steps.container-info.outputs.image-tag }} |