Add topaz configuration document #224
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| push: | |
| # Publish `main` as Docker `latest` image. | |
| branches: | |
| - main | |
| - dev | |
| - dev-* | |
| - release-* | |
| # Publish `v1.2.3` tags as releases. | |
| tags: | |
| - v* | |
| # Run tests for all PRs | |
| pull_request: | |
| env: | |
| VAULT_ADDR: https://vault.eng.aserto.com/ | |
| PRE_RELEASE: ${{ github.ref == 'refs/heads/main' && 'main' || '' }} | |
| GO_VERSION: "1.19" | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - | |
| uses: actions/checkout@v3 | |
| - | |
| name: Setup Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - | |
| name: Setup caching | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| .ext | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum', 'Depfile') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - | |
| name: Install Tools | |
| run: | | |
| go run mage.go deps | |
| - | |
| name: Build | |
| run: | | |
| go run mage.go build | |
| - | |
| name: Lint | |
| run: | | |
| go run mage.go lint | |
| - | |
| name: Test | |
| run: | | |
| go run mage.go test | |
| - | |
| name: Upload code coverage | |
| uses: shogo82148/actions-goveralls@v1 | |
| continue-on-error: true | |
| with: | |
| path-to-profile: cover.out | |
| push: | |
| runs-on: ubuntu-latest | |
| # when on a branch only push if the branch is main | |
| # always push when ref is a tag | |
| if: github.event_name == 'push' && ( github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release-') || startsWith(github.ref, 'refs/heads/dev-') || startsWith(github.ref, 'refs/tags/v') ) | |
| steps: | |
| - | |
| name: Read Configuration | |
| uses: hashicorp/vault-action@v2.4.3 | |
| id: vault | |
| with: | |
| url: https://vault.eng.aserto.com/ | |
| token: ${{ secrets.VAULT_TOKEN }} | |
| secrets: | | |
| kv/data/github "SSH_PRIVATE_KEY" | SSH_PRIVATE_KEY; | |
| kv/data/github "USERNAME" | DOCKER_USERNAME; | |
| kv/data/github "DOCKER_PUSH_TOKEN" | DOCKER_PASSWORD; | |
| kv/data/github "READ_WRITE_TOKEN" | READ_WRITE_TOKEN; | |
| - | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - | |
| name: Setup Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - | |
| name: Setup caching | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| .ext | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum', 'Depfile') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - | |
| name: Login to GitHub Packages Docker Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: https://ghcr.io | |
| username: ${{ env.DOCKER_USERNAME }} | |
| password: ${{ env.DOCKER_PASSWORD }} | |
| - | |
| name: Build Images | |
| run: | | |
| mkdir -p $HOME/.ssh | |
| umask 0077 && echo -e "${SSH_PRIVATE_KEY}" > $HOME/.ssh/id_rsa | |
| ssh-keyscan github.com >> $HOME/.ssh/known_hosts | |
| git config --global url."git@github.com:".insteadOf https://github.com/ | |
| git config --global user.email "github-bot@aserto.com" | |
| git config --global user.name "Aserto Bot" | |
| eval `ssh-agent` | |
| ssh-add $HOME/.ssh/id_rsa | |
| go run mage.go deps dockerImage | |
| - | |
| name: Wait for tests to succeed | |
| uses: fountainhead/action-wait-for-check@v1.1.0 | |
| id: wait-for-tests | |
| with: | |
| token: ${{ env.READ_WRITE_TOKEN }} | |
| checkName: test | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - | |
| name: Stop if tests fail | |
| if: steps.wait-for-tests.outputs.conclusion != 'success' | |
| run: exit 1 | |
| - | |
| name: Push image to GitHub Container Registry | |
| run: | | |
| go run mage.go dockerPush ghcr.io "aserto-dev" | |
| echo "IMAGE_VERSION=$(./.ext/gobin/sver-v*/sver)" >> $GITHUB_OUTPUT | |
| release: | |
| needs: [test, push] | |
| runs-on: ubuntu-latest | |
| # Only release when ref is a tag | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | |
| steps: | |
| - | |
| name: Read Configuration | |
| uses: hashicorp/vault-action@v2.4.3 | |
| id: vault | |
| with: | |
| url: https://vault.eng.aserto.com/ | |
| token: ${{ secrets.VAULT_TOKEN }} | |
| secrets: | | |
| kv/data/github "SSH_PRIVATE_KEY" | SSH_PRIVATE_KEY; | |
| kv/data/github "READ_WRITE_TOKEN" | READ_WRITE_TOKEN; | |
| kv/data/github "ASERTO_TAP" | ASERTO_TAP; | |
| kv/data/gcp "SERVICE_ACCOUNT_GITHUB_ACTIONS_RELEASE" | SERVICE_ACCOUNT_GITHUB_ACTIONS_RELEASE; | |
| - | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - | |
| name: Setup Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - | |
| name: Setup caching | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| .ext | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum', 'Depfile') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - | |
| name: Release | |
| env: | |
| GITHUB_TOKEN: ${{ steps.vault.outputs.READ_WRITE_TOKEN }} | |
| HOMEBREW_TAP: ${{ steps.vault.outputs.ASERTO_TAP }} | |
| GOOGLE_APPLICATION_CREDENTIALS: /tmp/gs.json | |
| run: | | |
| mkdir -p $HOME/.ssh | |
| umask 0077 && echo -e "${SSH_PRIVATE_KEY}" > $HOME/.ssh/id_rsa | |
| ssh-keyscan github.com >> $HOME/.ssh/known_hosts | |
| git config --global url."git@github.com:".insteadOf https://github.com/ | |
| git config --global user.email "github-bot@aserto.com" | |
| git config --global user.name "Aserto Bot" | |
| eval `ssh-agent` | |
| echo "${SERVICE_ACCOUNT_GITHUB_ACTIONS_RELEASE}" > /tmp/gs.json | |
| go run mage.go deps release | |
| msi: | |
| needs: release | |
| runs-on: windows-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Read Configuration | |
| uses: hashicorp/vault-action@v2.4.3 | |
| id: vault | |
| with: | |
| url: ${{ env.VAULT_ADDR }} | |
| token: ${{ secrets.VAULT_TOKEN }} | |
| secrets: | | |
| kv/data/github "ROOT_TOKEN" | ROOT_TOKEN; | |
| - name: Download exe | |
| id: download_exe | |
| shell: bash | |
| run: | | |
| hub release download "${GITHUB_REF#refs/tags/}" -i '*windows_x86_64*.zip' | |
| printf "zip=%s\n" *.zip >> $GITHUB_OUTPUT | |
| unzip -o *.zip && rm -v *.zip | |
| env: | |
| GITHUB_TOKEN: ${{ steps.vault.outputs.ROOT_TOKEN }} | |
| - name: Install go-msi | |
| run: choco install -y "go-msi" | |
| - name: Prepare PATH | |
| shell: bash | |
| run: | | |
| echo "$WIX\\bin" >> $GITHUB_PATH | |
| echo "C:\\Program Files\\go-msi" >> $GITHUB_PATH | |
| - name: Build MSI | |
| id: buildmsi | |
| shell: bash | |
| env: | |
| ZIP_FILE: ${{ steps.download_exe.outputs.zip }} | |
| run: | | |
| mkdir -p build | |
| msi="$(basename "$ZIP_FILE" ".zip").msi" | |
| printf "msi=${msi}" >> $GITHUB_OUTPUT | |
| go-msi make --arch amd64 --msi "$PWD/$msi" --out "$PWD/build" --version "${GITHUB_REF#refs/tags/}" | |
| - name: Upload MSI | |
| shell: bash | |
| run: | | |
| tag_name="${GITHUB_REF#refs/tags/}" | |
| hub release edit "$tag_name" -m "" -a "$MSI_FILE" | |
| release_url="$(gh api repos/:owner/:repo/releases -q ".[]|select(.tag_name==\"${tag_name}\")|.url")" | |
| publish_args=( -F draft=false ) | |
| gh api -X PATCH "$release_url" "${publish_args[@]}" | |
| env: | |
| MSI_FILE: ${{ steps.buildmsi.outputs.msi }} | |
| GITHUB_TOKEN: ${{ steps.vault.outputs.ROOT_TOKEN }} |